The two security holes that disrupted the IT world at the beginning of the year, Meltdown and Spectre, have been largely tackled. At least the participants have done everything possible to eliminate the threat from the world. However, if someone still exploits them successfully anyway, they can earn a “bounty” from Microsoft.

Meltdown And Spectre Bounty

In the technical world, there is – in simple terms – a competition between the good and the bad. On the one hand, you can find gaps to report to affected companies, and on the other hand sell them to those who use them for harmful purposes. Who receives the contract is often simply a question of money.

The IT corporations must also offer a lot of money accordingly, so that indecisive people do not end up on the dark side of power. In the case of the now-capped Meltdown and Specter blunders, Microsoft can offer up to a quarter of a million dollars if it finds a suitably serious attack scenario and helps to get it out of the way.

Also Read: Surfacebook performance decline after Specter and Meltdown patches now measured

The bounty program is limited in time until the end of the year. It has four levels, which differ in the nature and impact of the attack. The simplest is a known speculative executable vulnerability in Windows 10 or Microsoft Edge, which is rewarded with $ 25,000. If you manage to get around a vulnerability in Windows or Azure that you have already closed, you will receive $ 200,000. New categories of speculative executable attacks are worth the most, here you are rewarded for signing up with a bounty of $ 250,000.

Source

Leave a Reply