DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
January 21, 2019 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 218 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Microsoft has a new speculative execution bug bounty program

Posted on Friday, March 16 2018 @ 10:57:14 CET by


MSFT logo
The discovery of the Meltdown and Spectre CPU vulnerabilities caused quite a shockwave due to the very broad security impact. Companies are thinking about new ways to make hardware and software safer, and Microsoft just announced a new bug bounty program that specifically focuses on speculative execution side channel vulnerabilities.

There are four different tiers, security researchers who discover new categories of speculative execution attacks can expect a payout of up to $250,000. Bypass methods for Azure or Windows result in a payout of up to $200,000 and exploitable instances of a specified, known vulnerability gives access to up to $25,000.
Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues. Tier 1 focuses on new categories of attacks involving speculative execution side channels. To help the community better understand what is currently known amongst the industry, our Security Research & Defense team has published blog with additional information. Tiers 2 and 3 focus on identifying possible bypasses for mitigations that have been added to Windows and Azure to defend against the attacks that have been identified. Tier 4 covers exploitable instances of CVE-2017-5753 or CVE-2017-5715 that may exist.

Speculative execution side channel vulnerabilities require an industry response. To that end, Microsoft will share, under the principles of coordinated vulnerability disclosure, the research disclosed to us under this program so that affected parties can collaborate on solutions to these vulnerabilities. Together with security researchers, we can build a more secure environment for customers.
You can check out the details over here.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba