Microsoft to pay first IE 11 Preview bug bounty to BlueHat security contest finalist - holtzdestoo92

Microsoft has already standard respective vulnerability reports that qualify for monetary system rewards as part of the company's bug bounty program launched in June for the preview version of Net Internet Explorer 11.

The recipient of the kickoff IE 11 bounty will be Ivan Fratric, a security researcher who attained second place and $50,000 last year in Microsoft's BlueHat Prize repugn for the development of antiaircraft technologies. Fratric's entryway into the repugn was a system called ROPGuard, which can detect and prevent return-oriented programming (ROP) attacks.

According to his LinkedIn profile, Fratric worked As a investigator at the University of Zagreb's Staff of EE and Computing until October 2012, when he joined Google as an information security applied scientist.

"The security community has responded sky-high to our new bounty programs, submitting over a 12 issues for United States of America to investigate in just the first two weeks since the programs unsealed," said Katie Moussouris, a sr. security measur strategist with Microsoft's Protection Response Center, Midweek in a blog post. "I personally notified the very first bounty recipient via email nowadays that his entry for the I 11 Preview Bug Bounty is habitual and validated," she said, adding that this means "he's getting paid."

Moussouris did not unwrap the identity of the first bounty recipient in the blog Charles William Post, just she unchangeable Thursday that it's Fratric in a Twitter message congratulating him.

Other researchers qualified for IE 11 bounties as well and they will be notified presently, Moussouris said in the web log post. Microsoft volition create an acknowledgement page to inclination the researchers who wish to be publically recognized, she aforementioned.

Microsoft announced the IE 11 Preview bug bounty political program on June 19, aft years of being reluctant to the idea of paying security researchers for reporting vulnerabilities in its products. In the past, the society preferred to encourage the developing of energetic defenses like opposing-exploitation techniques that can block whole classes of exploits. The BlueHat Prize contest in 2012, with a prize pool of over $250,000, was intended to further the ontogeny of such defensive technology.

The IE 11 Preview tap bounty program, meanwhile, kicked cancelled on June 26 and will run 30 years, until July 26. The rumored vulnerabilities can characterize for bounties 'tween $500 and $11,000, or even more in particular cases, depending on the gravitation of the vulnerability and the quality of the describe.

"It's not about offering the most money, just rather about putt attractive bounties extinct at times where in that respect are few buyers (if any)," Moussouris same. "For our products, that tends to be during the preview (operating theatre explorative) period."

At the end of June, Fratric said on Twitter that he reported a potency memory corruptness issue in Explorer 11 Preview to Microsoft, but it's not clear if that's the bug that South Korean won him the program's first Bounty.

In addition to the IE 11 Preview bounteousness program, Microsoft also launched two other programs, one that will honor researchers for finding novel exploitation techniques to circumvent Windows 8.1's deed extenuation defenses and the other for developing new ways to mental block known exploitation techniques.

Source: https://www.pcworld.com/article/452859/microsoft-to-pay-first-ie-11-preview-bug-bounty-to-bluehat-security-contest-finalist.html

Posted by: holtzdestoo92.blogspot.com