The tech giant Microsoft’s rewards program runs until December 31, 2019, and promises to pay up to $250,000 to researchers who find the most serious flaws, that is, entirely new categories of speculative execution attacks. Bug hunters who manage to circumvent Windows or Azure mitigations can pocket up to $200,000. Speculative execution is a feature present in almost all modern processors. To speed up performance, the chips try to guess which code will be executed next. If the forecast is wrong, the result is discarded; if you are right, there is a time-saving. However, Spectre can induce a processor to perform a “guessing” operation that would not run under normal conditions, leaking information. The tech giant Microsoft explains that “speculative execution is truly a new class of vulnerabilities, and we believe that research is already being done to explore new methods of attack.” Therefore, the program aims to “promote such research and enable the coordinated dissemination of vulnerabilities related to these problems”. All details about the rewards program for speculative execution attacks are on the Microsoft website. So, what do you think about this? Simply share all your views and thoughts in the comment section below.
Δ