Microsoft breaks bug-bounty virginity in $100,000 contest
http://www.theregister.co.uk/2013/06/19/microsoft_bug_bounty_black_hat/
Microsoft is breaking its long-standing tradition of not paying for security vulnerabilities by offering a $100,000 cash prize for the first penetration tester to crack Windows 8.1 and a $50,000 bonus to explain how they did it.
At this year's Black Hat USA conference, held at the end of July in the sweaty hell that is Las Vegas at that time of year, Microsoft will offer $100,000 (and a laptop) to the hacker who can demonstrate a critical vulnerability in Windows 8.1, either at the conference or afterwards.
Any successful hacker can earn an additional $50,000 "BlueHat Bonus" if they can tell Redmond how to fix a major flaw in the operating system. In addition, there's an $11,000 bounty on Internet Explorer 11 Preview Edition vulnerabilities, but with a 30-day time limit, presumably so that any new problems can be fixed in time for the final release.
The market for software vulnerabilities is a contentious issue. Proponents point out that cash payouts are the only way for independent security researchers to make a living and that the resulting disclosures have immense benefits for end users. Opponents suggest that hackers should disclose responsibly as a matter of morality. Meanwhile, there's a thriving black market for software flaws, especially zero-day vulnerabilities.