BlueHat

Filling A Gap In the Vulnerability Market – First Bounty Notification

Wednesday, July 10, 2013

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between the security researcher community and Microsoft’s customers, by focusing on key data about what researchers were doing with vulnerabilities they found in our products.

• BlueHat Prize
• Bounty
• Bountyprograms
• Internet Explorer (IE)
• Microsoft Windows
• Responsible Disclosure
• Security Research
• Zero-Day Exploit

New Bounty Programs – One Week In

Wednesday, July 03, 2013

Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially opened for bounty-eligible submissions to secure [at] Microsoft [dot] com.

• Black Hat
• BlueHat Prize
• Bounty
• Bountyprograms
• CVD
• Internet Explorer (IE)
• Microsoft Windows
• Security Ecosystem
• Security Research

Doors Open for New Bounty Programs

Thursday, June 27, 2013

As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July 26) bounties of up to $11,000 for critical security issues in Internet Explorer 11 Preview.

• BlueHat Prize
• Bounty
• Bountyprograms
• Internet Explorer (IE)
• Microsoft Windows
• Security Ecosystem
• Zero-Day Exploit

Heart of Blue Gold – Announcing New Bounty Programs

Wednesday, June 19, 2013

Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of Microsoft’s outreach. In the early 2000’s, Microsoft had to go through what I call “the five stages of vulnerability response grief.

• BlueHat Prize
• Bounty
• Bountyprograms
• Mitigations
• Security Ecosystem

Microsoft is sponsoring the Cyber Security Challenge UK

Monday, June 17, 2013

The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down (and computer defenses are improved), exploit activity has actually increased in many parts of the world. See the Microsoft Security Intelligent Report (SIR) v14 for more details.

Nine to tide you over: Video highlights from BlueHat v12

Tuesday, April 09, 2013

It has been nearly four months since we gathered in Redmond for BlueHat v12, and we’ve almost caught up on our sleep. As we prepare for what promises to be a momentous year for the BlueHat program – culminating in December with BlueHat v13 – we’ve selected nine of the most compelling, talked-about, or just plain chewy talks from last year’s festivities to share with you.

• BlueHat Security Briefings
• EcoStrat
• MSRC Ecosystem Strategy

On the Shoulders of Blue Giants

Thursday, December 13, 2012

Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice BlueHat v12 here in Redmond is in full swing – it started yesterday for full-time Microsoft employees only, and continues today as we welcome our invited guests from beyond Microsoft.

• BlueHat Security Briefings
• Security Ecosystem

Announcing BlueHat v12

Wednesday, November 21, 2012

The days are getting shorter, the holidays are getting nearer, and looming on the horizon are a trio of 12’s – it’s almost time for the 12th BlueHat Conference, on tap for the twelfth month of 2012. We have a terrific lineup of speakers from both inside and outside the company; there’s nothing much we can do about the weather in Seattle in mid-December, but indoors we have compelling work to do on making the cloud, mobile devices, the Internet, and the rest of the computing ecosystem, safer for customers.

• BlueHat Security Briefings

BlueHat: Something Old, Something New, All Blue

Wednesday, October 24, 2012

Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice Reflecting on my past five years at Microsoft (I know! How time flies!), I can see with fresh perspective just how far we’ve come, while staying true to our goals of helping to protect customers and the computing ecosystem.

• BlueHat Security Briefings

The BlueHat Prize V1.0 – And the Winners Are…

Thursday, July 26, 2012

Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice As we wrap up the first BlueHat Prize contest, we wanted to share what we learned while running the first competition, from a major vendor, offering a large cash prize for defensive security research.