April 27, 2015 By Shane Schick 2 min read

Keeping on top of all the possible security flaws in the world’s most popular Web browser may be too much for any single organization, which is why the Microsoft bug bounty program for Project Spartan will grant researchers rewards as high as $15,000 for finding flaws.

In a blog post, the Washington-based software giant challenged white-hat hackers and other security experts to send a vulnerability report detailing functioning flaws between now and June 22. Of course, most of the findings in the Microsoft bug bounty program are expected to be minor and will likely earn payouts in the $500 to $6,000 range.

As Computerworld noted, the upper end of the financial incentive to better secure Project Spartan is 36 percent higher than the Microsoft bug bounty program for Internet Explorer 11. The official name of Project Spartan will likely be revealed during the company’s upcoming Build conference, and the browser could launch by the early summer.

However, Project Spartan isn’t Microsoft’s only bounty program open to security experts. VentureBeat reported that the company has created similar initiatives to protect a range of its other projects, most notably its cloud computing service, Azure, and the upcoming Office Sway. These vulnerability assessments are highly valuable to the company since they provide a way to outsmart cybercriminals before they strike.

Of course, Project Spartan will be a big part of Microsoft’s overall portfolio surrounding Windows 10, its core platform that will also come out later this year. BetaNews observed that the company has already been looking for feedback about any potential flaws within the operating system’s recently released technical preview.

Even in the past few months, there have been examples of security researchers helping companies such as eBay fend off potential flaws through programs similar to Microsoft’s. On the other hand, a recent study suggests the company may want to focus on other tactics.

A story on The Register profiled a presentation from the RSA Conference in which researchers from the Massachusetts Institute of Technology and an organization called HackerOne analyzed the bug bounty program for Internet Explorer 11. They concluded that offering more money doesn’t necessarily mean that more flaws will be discovered or that bigger bugs won’t be found in later versions of the software.

Given how widely Windows 10 and Project Spartan may be adopted, it’s still a good idea that Microsoft is encouraging the security community to work together on protecting its software. Hopefully, the Microsoft bug bounty program is just the first phase of an industry-wide effort to provide a more long-term, trustworthy computing experience.

Image Source: iStock

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today