Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were recently disclosed.
The company will offer up to $250,000 for bugs similar to the Meltdown and Spectre CPU flaws, and the program will run until the end of the year.
“Speculative execution is a truly new class of vulnerabilities, and we expect that research is already underway exploring new attack methods,” says Philip Misner, a security group manager at Microsoft’s Security Response Center. “This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.”
Microsoft is offering payouts across four tiers:
Tier 1: New categories of speculative execution attacks - Up to $250,000
Tier 2: Azure speculative execution mitigation bypass - Up to $200,000
Tier 3: Windows speculative execution mitigation bypass - Up to $200,000
Tier 4: Instance of a known speculative execution vulnerability in Windows 10 or Microsoft Edge. This vulnerability must enable the disclosure of sensitive information across a trust boundary - Up to $25,000