1.    22 Apr 2015 #1
    Join Date : Oct 2013
    Posts : 15,556
    64-bit Windows 10 Pro build 14951

    Microsoft Bounty Programs Expansion – Azure and Project Spartan

    I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the 'Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty.

    This continued evolution includes additions to the Online Services Bug Bounty Program:

    • Azure
      • Azure is Microsoft’s cloud platform and the backbone of Microsoft cloud services.
      • This program will include a number of Azure services, such as: Azure virtual machines, Azure Cloud Services, Azure Storage, Azure Active Directory and much more

    • Sway.com
      • Sway.com is a web application that lets users express ideas in an entirely new way across many devices and platforms

    • Raising the maximum payout for the Online Services Bounty Program
      • We will pay up to $15,000 USD for critical bugs, as always, more for more impactful and better documented bugs.

    We’re also launching a new bounty related to the Windows 10 Technical Preview:

    • Project Spartan Bug Bounty
      • Microsoft’s new browser will be the onramp to the internet for millions of users when Windows 10 launches later this year. Securing this platform is a top priority for the browser team.
      • This bounty includes Remote Code Execution and Sandbox Escapes, as well as design-level security bugs.
        • Always be sure to use the latest version released in the Windows 10 Technical Preview

      • Microsoft will pay up to $15,000 USD for security vulnerabilities reported in Project Spartan, you can see the specifics in the program terms. Don’t hesitate as the Project Spartan Bug Bounty will run from April 22, 2015 to June 22, 2015
        • The bounties for Spartan are tiered by the criticality of the issue reported, as well as the quality of the documentation and how reproducible the issue is.

    The Mitigation Bypass bounty and the Bonus bounty for Defense are both very active, paying up to $100,000 USD for novel methods to bypass active mitigations (e.g. ASLR and DEP) in our latest released version of operating system (currently Windows 8.1 and Server 2012 R2) and a bonus of up to $50,000 USD for actionable defense techniques to the reported bypass. We have one addition to the Mitigation bypass bounty:

    • Hyper-V escape
      • Guest-to-Host
      • Guest-to-Guest
      • Guest-to-Host DoS (non-distributed, from a single guest)

    These important additions to the Bounty Programs reflect the continued shift and evolution of technology towards the cloud. The additions to the bounty program will be part of the rigorous security programs at Microsoft. They will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services and Security and Compliance Accreditations by third party audits.

    Microsoft has a long history of working closely with security researchers. Having personally done penetration testing and exploit mitigation, I understand that this is intense and difficult work. I can say that we truly value these contributions. Bug bounties are an increasingly important part of the vulnerability research and defense ecosystem and will continue to evolve over time. We will be regularly managing the Microsoft Bounty Programs to help us best protect our many users.

    Mark Russinovich will be sharing some information in his “Assume Breach: An Inside Look at Cloud Service Provider Security” talk. You can also come by the Microsoft Booth at RSA on April 23, 2PM for a Bounty Program Q&A or you can always find the most up to date information about our bounty programs at https://aka.ms/BugBounty and in the associated terms and FAQs.

    I’m looking forward to seeing some great submissions!
    Jason Shirk
    Source: Microsoft Bounty Programs Expansion – Azure and Project Spartan - Microsoft Security Response Center - Site Home - TechNet Blogs
      My System SpecsSystem Spec

  2.    27 Apr 2015 #2
    Join Date : Oct 2014
    Posts : 1,539
    W7 32 bit, Linux Mint Xfce 18 64 bit

    I wish I was more technical I sure could use the $15,000.
      My System SpecsSystem Spec


Similar Threads
Thread Forum
Interact with Desktop using Project Spartan...
I am a developer who currently has a web application that calls a COM object on the PC that IE is running on. With Project Spartan I'm aware that they are getting rid of Active X which is the method we used to be able to do this. What I'm...
Browsers and Email
Hands on with Microsoft's next gen 'Project Spartan' web browser
Read more: Hands on with Microsoft's next gen 'Project Spartan' web browser | Windows Central
Windows 10 News
Project Spartan
I saw somewhere on a MS site that if you are a member of THe insiders Club that you can download this browser. I can't seem to locate the url for the download. Can anyone help with this?
Browsers and Email
Microsoft's Project Spartan is being armed for assault in the browser.
Windows 10 News
The birth of Microsoft's new web rendering engine Project Spartan
Source: http://blogs.msdn.com/b/ie/archive/2015/02/26/a-break-from-the-past-the-birth-of-microsoft-s-new-web-rendering-engine.aspx
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 13:30.
Find Us
Twitter Facebook Google+

Windows 10 Forums