Meltdown and Spectre
Image Courtesy:

The whole of last month there has been a huge cry in regards to the Meltdown and Spectre vulnerabilities which effected lots of PCs, Laptops and Smartphones around the world.

All big companies including Microsoft, Apple and Google have been busy pushing out updates for its customers to mitigate the Meltdown and Spectre hardware vulnerabilities.

Microsoft especially has been very busy in regularly pushing out cumulative and patch updates for all versions of its operating system so that it can mitigate the hardware vulnerabilities.

To continue the patching work, Microsoft today announced a new bounty program with the company ready to fetch out as huge as $250,000 for people who are able to find new bugs and inform the company about the same.

The company has launched the bounty program by dividing people in three different categories with Tier 1 to include categories of speculative execution attack and getting a reward of $250,000.

Tier 2 and Tier 3 categories would be referred to as Azure speculative execution and Windows speculative execution respectively and people in these categories will be rewarded with $200,000.

The bounty program has also been launched for researchers who can disclose an instance of a known speculative vulnerability in Windows 10 or Microsoft Edge and would be liable for a reward of $25,000.

The bounty program has been launched on March 14, 2018 and will be running up to December 31, 2018. During the program period any exploits discovered will be shared with other companies which will help them to release protections to their customers as part of updates.

Microsoft has provided full details of the bounty program here and is the first company to launch a bounty program for hardware vulnerabilities. It is advisable for users to go through the full terms of service to know the qualification requirements for the bounty program.