Microsoft isn’t the most loved company around, but this time they are doing something good and putting their money where their mouth is and offering up to a $250K bounty for finding vulnerabilities like Spectre. Intel is offering the same kind of cash and I guess Microsoft thought it might be a good idea for them to do the same. I don’t know about anyone else, but this is a good move and I hope it bears fruit. Go grab that cash security researchers. Check out their FAQ.



Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods,” the company explained. “This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.”

Discussion

Source: [H]ardOCP – Microsoft Joining Intel in Offering 0K Bounty for Speculative Execution Bugs