Microsoft Launches Bounty Program For Speculative Execution Side Channel Vulnerabilities (betanews.com)
An anonymous reader shares a report: Microsoft has launched a bug bounty program that will reward anyone who finds the next Meltdown or Spectre vulnerability. Known as speculative execution side channel vulnerabilities, Microsoft is willing to reward anyone who reports bugs that could cause problems like earlier in the year. The rewards on offer range from $5,000 up to $250,000 depending on the severity of the vulnerability, and the bounty program runs until the end of 2018. Microsoft says that it will operate under the principles of coordinated vulnerability disclosure.
Well there are a few reasons.
1. Still, in terms of PCs, Microsoft is #1, so such bugs will negatively affect them. How many of these bugs and crashes have we blamed on Windows sucking so badly when it was a poorly made driver or an odd piece of 3rd-party hardware added in? (The same problems can happen with other systems such as Linux, and we happily blame the hardware vendor for not being open enough.)
2. They can get lead time to make a patch or workaround. For large software systems that affect millions/billions of users, patches need to be done carefully. So there is a lot of regression testing, and making sure the patch doesn't break any official ways of doing things in Windows. (Crazy hacks that bypass the system may always break, and if your program isn't that popular it may break.)
3. They can get a marketing information strategy set. Able to point to the root cause (say Intel) and market a strategy of redirecting the blame to them, while looking like a hero for fixing the solution.
4. Microsoft works closely with these hardware guys. They are more apt to work on finding a fix working with them than with a rogue 0-day exploit posted by some black hat hacker, where they have to fix the problem in the midst of chaos and people getting hurt from the hack, vs. having an organized plan to solve the issue and put out a good fix.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.