Cатсн²² (in)sесuяitу / ChrisJohnRiley

As most people have already read (unless you’re still under that rock), Microsoft made a landmark announcement yesterday regarding its new bug bounty programs. If you’ve not already read about the news I won’t try to rehash what’s already been said (detailed information is available in the links below). However in a case of “right place, right time”, Martin McKeay and myself managed to chat to Katie Moussouris (the driver behind these programs) as part of the FIRST conference podcast series.

Hopefully this open and frank discussion helps to clear up any questions people may have forming about the programs and their effect on the InfoSec community at large. Microsoft always do things in a unique way, and these bug bounty programs are unique in many ways. With more emphasis on defense and really talking about fixing the problems, the programs certainly looks interesting and another step along the path to making things more secure… hopefully

Microsoft’s announced bug bounties:

• Mitigation Bypass Bounty
• BlueHat Bonus for Defense
• Internet Explorer 11 Preview Bug Bounty

The podcast can be found here –> http://media.first.org/podcasts/FIRST2013-Katie-Moussoris-Microsoft.mp3

Links:

• http://www.microsoft.com/bountyprograms
  
• http://blogs.technet.com/b/bluehat/
• http://blogs.technet.com/b/bluehat/archive/2013/06/19/heart-of-blue-gold-announcing-new-bounty-programs.aspx