Microsoft promised recruiters "Computer Gurus" of as much as $150,000 for software security

By Jim Finkle

The best hackers are heavily recruited by the military, intelligence agencies and big corporations, who lure them with scholarships and high-paying jobs.

Microsoft is also competing for the attention of the top hacking talent on a growing global gray market, where information about vulnerabilities is sold to criminals as well as governments that use it in military and intelligence operations. Bounties start at $50,000 for tools that enable attackers to break into computers, even when they are protected by up-to-date security software.

In the industry, exploits of such vulnerabilities are called "zero-days," because a targeted software maker has had zero days' notice to fix the hole when the malicious software is eventually discovered. (See SPECIAL REPORT: http://link.reuters.

Mike Reavey, senior director with the Microsoft Security Response Center, declined in an interview to talk about the "zero day" market for vulnerabilities in Windows products, saying the company was seeking to encourage hackers to use their skills in helpful ways.

"It's difficult to comment on the dark side," he said. "The intention of these (bounty) programs is to incentivize good behavior."

Reavey said he hoped Microsoft's new program would woo some candidates away from an annual contest known as Pwn2Own (pronounced "pown to own"), which has become a key venue for elite hackers to disclose major security flaws in software.

The latest Pwn2Own, which was held in Vancouver in March and sponsored by Hewlett-Packard Co, paid out nearly $480,000 in prize money, according to HP's website.

Hackers won the competition by identifying new ways to "pwn," or take ownership of, browsers from Microsoft, Firefox and Google Inc, Oracle Corp's Java and Adobe System Inc's Flash and Reader software.

Some other big technology firms already offer similar programs. Google has handed out $1.7 million in 3 years, including prizes as big as $60,000. Facebook Inc said it has paid out $500,000 to $1 million since it began its program two years ago. Adobe does not offer bounties, though it brings in hackers as temporary consultants to help fix problems that they identify.

Microsoft is also running a one-month contest, starting July 26, offering bounties of up to $11,000 to hackers who find bugs in the trial version of its new Internet Explorer 11 browser, which will be in preview release.

TERIMA KASIH ATAS KUNJUNGAN SAUDARA
Semoga artikel ini bermanfaat bagi saudara. Jika ingin mengutip, baik itu sebagian atau keseluruhan dari isi artikel ini harap menyertakan link dofollow ke http://android-rush.blogspot.com/2013/06/microsoft-promised-recruiters-gurus-of.html. Terima kasih sudah singgah membaca artikel ini.