Microsoft offers bug bounties for Spectre, Meltdown flaws2018-03-16 15:39 by Daniela
Tags: Microsoft, Spectre, Meltdown
Microsoft is offering bug bounties for a limited time to security researchers who uncover speculative execution side channel vulnerabilities like Spectre and Meltdown.
These two vulnerabilities have been causing quite a stir over the last several months. They impact almost all CPUs in use today to one extent or another, including Intel, AMD, and ARM processors going back a decade or so. Fixing the bugs, which involve "speculative execution" that is used to speed up processing, has caused system crashes, reboots, and poor performance, and Intel in particular has struggled to create a stable solution.
The company wants to encourage security researchers to responsibly disclose any potential CPU flaws, and up to $250,000 is probably a good way to achieve that. Microsoft also offers up to $250,000 for serious Hyper-V flaws in Windows 10.
"Speculative execution is truly a new class of vulnerabilities," says Phillip Misner, a security group manager at Microsoft. "We expect that research is already underway exploring new attack methods."
Intel similarly opened a nine-month bug bounty program for Spectre/Meltdown-like flaws last month. It is also offering up to US$250,000 for the most serious discoveries.
Read more -here-