Microsoft Awards First $100,000 Bug Bounty to Security Researcher
October 9, 2013 10:29 AM
comment(s) - last by
The same security researcher has earned the vast majority of all Microsoft payouts for bugs
Microsoft has announced that it awarded its first $100,000 bounty to a security researcher named James Forshaw. Forshaw is a security vulnerability researcher with Context Information Security and had previously found design level bugs during the IE11 Preview Bug Bounty.
Microsoft declined to go into any details about the new mitigation bypass technique Forshaw uncovered until it has addressed the attack. Microsoft says that it will be able to better protect customers by creating new defenses for future versions of its products.
Microsoft did note that one of its engineers named Thomas Garnier had also discovered a variant of this attack technique.
Despite this revelation, Microsoft says that it decided to get the full $100,000 to Forshaw. Microsoft says that it pays so much more for new attack techniques versus discovery of individual bugs because new mitigation bypass techniques allow Microsoft to develop defenses against an entire class of attack.
Microsoft said, "The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."
Microsoft has paid out over $128,000 in its bug bounty programs so far. Interestingly, Forshaw has earned $109,400 of that total payout.
This article is over a month old, voting and posting comments is disabled
10/9/2013 2:02:09 PM
I would imagine they have tried, but regardless of it they have or haven't, he probably makes more collecting the pay-outs than he would on salary...
10/9/2013 2:40:15 PM
He probably notifies the NSA first, then reveals the security flaws to MS only after the NSA have fully exploited them. MS probably can't pay him enough, since Snowden has shown everyone what happens to people who cross the NSA.
"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins
"World's Smallest Chess Code" is a Cheating Novice (But Still Kind of Lovable)
January 28, 2015, 2:24 PM
Microsoft's Windows 10 Now Has "Over 2 Million" Public Testers
January 28, 2015, 9:25 AM
Quick Note: With Windows 10, the Windows Source Hits Build 10,000
January 20, 2015, 2:05 PM
Microsoft Kills "Mainstream Support" Windows 7
January 13, 2015, 1:01 PM
Windows 10's "Spartan" IE11 Variant Will Get Firefox/Chrome-Like Extensions
December 30, 2014, 1:30 PM
Cortana, Xbox App, OneDrive Apps/Settings Backup Added to Windows 10 Build
December 15, 2014, 3:43 PM
Most Popular Articles
Under the Hood: How DirectX 11.3 and 12 Will Supercharge Windows 10 Gaming
January 23, 2015, 12:34 PM
2016 Cadillac CTS-V Packs 640 hp Punch with 200 mph Reach
January 23, 2015, 3:25 PM
Microsoft Shows Off Latest Windows 10 Build, Preps it for Next Week Release
January 21, 2015, 2:57 PM
Google Fixes Homophobic "Bug" in its Translator
January 27, 2015, 2:31 PM
Will Google Become America's Fifth Major Carrier?
January 22, 2015, 12:42 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information