Microsoft will pay up to $250,000 for the 'coordinated disclosure' of Spectre and Meltdown-like...

Polycount


Two significant CPU hardware architectural flaws, which abuse "speculative execution" to swipe personal data from a victim's computer, were recently discovered. We have a full write-up on the situation available here, but suffice it to say the exploits, officially dubbed Meltdown and Spectre, have caused quite a few headaches for major tech companies.

Intel, in partnership with Microsoft and other companies, has rushed to roll out a number of software patches to address the flaws, with mixed results, but Microsoft isn't content to rest on its laurels. To ensure similar exploits do not go unchecked in the future, the software giant has announced a new bug bounty program focused on speculative execution attacks and vulnerabilities.

This program, which will run until December 31, 2018, promises a payout of "Up to $250,000" for the "coordinated disclosure" of new attacks similar to Spectre and Meltdown. The bounty program is separated into four "tiers" based on the severity of a given researcher's discovery.

For example, tier 1 discoveries include "New categories of speculative execution attacks" and offer payouts of up to $250,000 whereas tier 4 discoveries include "[Instances] of a known [speculative execution vulnerability] in Windows 10 or Microsoft Edge" and will only offer payouts of up to $25,000.

Microsoft is undoubtedly hoping these significant monetary incentives will deter researchers from releasing their discoveries into the wild before companies like Intel and AMD can come up with plans to address them.

It is a step in the right direction, by not prosecuting security researchers for doing their investigations (such as pentesting, reverse engineering obfuscated code, etc.), but as long as Zerodium and the like are paying more for exploits it is an uphill battle. Perhaps if big corps weren't using the approach of "security through obscurity", such as closed-source software with obfuscated code, we would stand a better chance.

Also, the once-a-month security updates from micro$oft do not help users much...