Microsoft wants to put an end to the main mistakes of the future along the lines of Specter, with the company that offers large amounts of money to hunt down these types of defects.
Microsoft's new bug reward program is specifically designed for "speculative vulnerabilities for sidewall execution," such as Specter and Meltdown, which impacted Intel chips, as well as AMD and ARM processors in the case of the first.
The software giant noted that this represented a new class of vulnerabilities and a major change in the threat environment, and the response is this new program that will pay up to $ 250,000 (about £ 180,000, AU $ 320,000) for those who discover and disclose such errors to Microsoft.
Joint Effort
The top level expense of up to $ 250,000 will be ended for the discovery of completely new classes of speculative execution attacks, whereby Microsoft pays up to $ 200,000 (approximately £ 145,000, AU $ 255,000) for discovering methods to defend Windows defenses . bypassing existing speculative execution errors.
Those who discover new twists in known speculative security vulnerabilities with Windows 10 or the Microsoft Edge browser can place a reward of up to $ 25,000 (approximately £ 18,000, AU $ 32,000).
Of course, the hope is that Microsoft can use such early warnings to find a solution before a potential vulnerability becomes public. The company says it will share all findings and research with other companies involved to collaborate on schemes because "the vulnerabilities of the lateral speculative execution channel require a response from the industry."
Of course, when it came to Specter and Meltdown, although the collaboration started a good half year before these holes became known, the patch was still a very nonchalant affair. In fact, the solutions for many affected Intel CPUs have not yet begun.
We hope that the lessons are learned when it comes to future reactions to possible vulnerabilities in this category. But it is clearly a positive step forward for Microsoft, although it is not surprising, given the seriousness and potential impact of these failures, as we have seen this year.