Imagina receber a bela quantia de $250,000 sem sair de casa? É possível e quem pode te dar essa grana é a Microsoft. Mas como? Achando bugs nos produtos Microsoft.
A Microsoft oferece pagamentos diretos em troca de informação de determinados tipos de vulnerabilidades e técnicas de exploração. Isso é um programa muito comum entre fabricantes de softwares e se chama Bug Bounty, que nada mais é que um programa de recompensa.
Conheça o site do programa: https://aka.ms/bugbounty
Esse não é um programa novo, ele existe desde junho de 2013 e é apenas um entre diversas iniciativas da Microsoft para garantir a segurança como por exemplo:
- SDL (Security Development Lifecycle)
- CVD (Coordinated Vulnerability Disclosure)
- Programa Microsoft Active Protections (MAPP)
- Microsoft Vulnerability Research (MSVR)
- Prêmio BlueHat
Esses programas de recompensas ajudam a Microsoft a aproveitar a inteligência coletiva e os recursos dos pesquisadores de segurança para ajudar a proteger os clientes e os softwares. Algumas ofertas de recompensa são tempo limitado.
| Program name | Start date | End date | Eligible entries | Bounty range |
|---|---|---|---|---|
| Microsoft Identity | 2018-7-17 | Ongoing | Vulnerability reports on Identity services, including Microsoft Account, Azure Active Directory, or select OpenID standards. | Up to $100,000 USD |
| Speculative Execution Side Channel Bounty | 2018-03-14 | 2018-12-31 | A novel category or exploit method for a Speculative Execution Side Channel vulnerability | Up to $250,000 USD |
| Windows Insider Preview | 2017-07-26 | Ongoing | Critical and important vulnerabilities in Windows Insider Preview | Up to $15,000 USD |
| Windows Defender Application Guard | 2017-07-26 | Ongoing | Critical vulnerabilities in Windows Defender Application Guard | Up to $30,000 USD |
| Microsoft Hyper-V | 2017-05 -31 | Ongoing | Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V | Up to $250,000 USD |
| Microsoft Edge on Windows Insider Preview | 2016-08-04 | Ongoing | Critical remote code execution and design issues in Microsoft Edge in Windows Insider Preview fast | Up to $15,000 USD |
| Mitigation Bypass and Bounty for Defense | 2013-06-26 | Ongoing | Novel exploitation techniques against protections built into the latest version of the Windows operating system. Additionally, defensive ideas that accompany a Mitigation Bypass submission. | Up to $100,000 USD (plus up to an additional $100,000) |
| Office Insider | 2017-03-15 | Ongoing | Vulnerabilities on Office Insider | Up to $15,000 USD |
| Microsoft .NET Core and ASP.NET Core | 2016-09-01 | Ongoing | Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details) | Up to $15,000 USD |
| Microsoft Cloud Bounty | 2014-09-23 | Ongoing | Vulnerability reports on applicable Microsoft cloud services | Up to $15,000 USD |
Seja o primeiro a comentar