Microsoft offers up to $250k in new bug bounty program after Meltdown and Spectre
Earlier this year, we learned that all modern processors were vulnerable to a new type of security flaws. Indeed, Meltdown and Spectre represent a new class of vulnerabilities called “speculative execution,” and the threat is so serious that it will require a coordinated industry response.
For now, Intel plans to will release firmware updates for all of its processors released over the past five years, and the chip maker has also opened a new bug bounty program with awards up to $250,000. Microsoft made a similar move yesterday, announcing a limited-time bounty program to encourage research on speculative execution side channel vulnerabilities.
Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods,” the company explained. “This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.”
Just like Intel, Microsoft will offer up to $250K rewards to researchers who discover new categories of speculative execution attacks. The program will run through December 31, and you can learn more about how to participate on this FAQ.Further reading: Bug Bounty Program, Microsoft, Spectre