Microsoft: Reckon our code is crap? Prove it and $30k could be yours

Having finally pushed out the first Beta preview of its Chromium-based browser, Microsoft has launched a bounty programme aimed at getting researchers to kick the tyres on its latest and greatest. Up to $30k is available to researchers who find what Microsoft deems "critical and important" vulnerabilities in the Beta and Dev …

  1. JimmyPage
    Stop

    So this is the future - not wages, but "prizes" ?

    Have YouGov taken over Microsoft ?

    Am I alone in finding the "bug bounty" culture that appears to have developed a tad ... problematic ? How long before we see it applied to our own jobs ? And then in the wider world. Imagine if Sainsburys were able to avoid paying wages, but offer a "bounty" to the first person to get a shelf stacked ? Meaning (here's the genius bit) they actually get all shelves stacked (or 99% stacked) but only have to pay for one person.

    1. Anonymous Coward

      Re: So this is the future - not wages, but "prizes" ?

      ... the bottom line being we take security so seriously, we're willing to turn it into a competition ?

    2. chrisw67

      A blessing and a curse

      If I was paid by the bug found in some of the software I am blessed with supporting I could retire real soon. On the other hand, if I was not paid until the bugs were _fixed_ the soup kitchen would beckon.

    3. GnuTzu

      Re: So this is the future - not wages, but "prizes" ?

      Sounds like piecework.

      Do we get benefits with that?

  2. Pascal Monett Silver badge
    Trollface

    "Yo browser sucks, Micro$oft" is unlikely to go down well

    Yeah, but still, Yo browser sucks, Micro$oft.

  3. Tromos

    30k bounty

    Still loads cheaper than hiring competent coders and testers.

  4. A random security guy Bronze badge

    Not very profitable.

    First you have to find the issues. Then you have to write the proof-of-concept that shows how you can do remote code execution. Then you have to convince MSFT that it is a real bug. Moreover, if it requires chained exploits you have to give up the other exploits.

    Thanks MSFT. Will look at your stuff maybe later. When I can convince my engineers to actually use Windows.

    1. Evil3eaver

      Re: Not very profitable.

      First thought I had was... 30k, really? Like, real hackers make millions; how you gonna think you're going to attract anyone for 30K? Most companies pay 10K per bug 'cause it actually costs that, but considering they are saving heaps of time on top it is still a deal. 30k total ain't gonna git you much.

      1. Anonymous Coward

        Re: Not very profitable.

        Indeed. Any real bug is more profitable for nefarious purposes than $30k. Depending on the bug, you might have to add two or three zeros behind it.

  5. This post has been deleted by its author

  6. Anonymous Coward
    Facepalm

    Holds up copy of Win98 - demands the cash.

    What??

    Oh CURRENT code; hang on, exactly how old IS the Notepad.exe coding??

  7. HatHatHatHatHat

    NO ONE will qualify for the 30k awards and therefore M$ will claim they have a faultless browser

  8. ChadF

    Drop in the bucket

    Only $30k? Microsoft probably spends more than that on toilet paper in the executive restrooms, each month. And is certainly cheaper than paying multiple $100k on employees/services to do the same work (most of which will result in dead ends).

  9. Anonymous Coward

    "Microsoft: Reckon our code is crap? Prove it and $30k could be yours"

    Windows ME, Vista, 10 and MS-DOS 4.0.

  10. Anonymous Coward

    Can bug hunters lobby to become entitled to employee benefits like Uber drivers in California?


Biting the hand that feeds IT © 1998–2020