April 27, 2015 By Shane Schick

Keeping on top of all the possible security flaws in the world’s most popular Web browser may be too much for any single organization, which is why the Microsoft bug bounty program for Project Spartan will grant researchers rewards as high as $15,000 for finding flaws.

In a blog post, the Washington-based software giant challenged white-hat hackers and other security experts to send a vulnerability report detailing functioning flaws between now and June 22. Of course, most of the findings in the Microsoft bug bounty program are expected to be minor and will likely earn payouts in the $500 to $6,000 range.

As Computerworld noted, the upper end of the financial incentive to better secure Project Spartan is 36 percent higher than the Microsoft bug bounty program for Internet Explorer 11. The official name of Project Spartan will likely be revealed during the company’s upcoming Build conference, and the browser could launch by the early summer.

However, Project Spartan isn’t Microsoft’s only bounty program open to security experts. VentureBeat reported that the company has created similar initiatives to protect a range of its other projects, most notably its cloud computing service, Azure, and the upcoming Office Sway. These vulnerability assessments are highly valuable to the company since they provide a way to outsmart cybercriminals before they strike.

Of course, Project Spartan will be a big part of Microsoft’s overall portfolio surrounding Windows 10, its core platform that will also come out later this year. BetaNews observed that the company has already been looking for feedback about any potential flaws within the operating system’s recently released technical preview.

Even in the past few months, there have been examples of security researchers helping companies such as eBay fend off potential flaws through programs similar to Microsoft’s. On the other hand, a recent study suggests Microsoft may want to focus on other tactics.

A story on The Register profiled a presentation from the RSA Conference in which researchers from the Massachusetts Institute of Technology and an organization called HackerOne analyzed the bug bounty program for Internet Explorer 11. They concluded that offering more money doesn’t necessarily mean that more flaws will be discovered or that bigger bugs won’t be found in later versions of the software.

Given how widely Windows 10 and Project Spartan may be adopted, it’s still a good idea that Microsoft is encouraging the security community to work together on protecting its software. Hopefully, the Microsoft bug bounty program is just the first phase of an industry-wide effort to provide a more long-term, trustworthy computing experience.
