Microsoft Awards First $100,000 Bug Bounty to Security Researcher
October 9, 2013 10:29 AM
comment(s) - last by
The same security researcher has earned the vast majority of all Microsoft payouts for bugs
Microsoft has announced that it awarded its first $100,000 bounty to a security researcher named James Forshaw. Forshaw is a security vulnerability researcher with Context Information Security and had previously found design level bugs during the IE11 Preview Bug Bounty.
Microsoft declined to go into any details about the new mitigation bypass technique Forshaw uncovered until it has addressed the attack. Microsoft says that it will be able to better protect customers by creating new defenses for future versions of its products.
Microsoft did note that one of its engineers named Thomas Garnier had also discovered a variant of this attack technique.
Despite this revelation, Microsoft says that it decided to get the full $100,000 to Forshaw. Microsoft says that it pays so much more for new attack techniques versus discovery of individual bugs because new mitigation bypass techniques allow Microsoft to develop defenses against an entire class of attack.
Microsoft said, "The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."
Microsoft has paid out over $128,000 in its bug bounty programs so far. Interestingly, Forshaw has earned $109,400 of that total payout.
This article is over a month old, voting and posting comments is disabled
10/9/2013 2:40:15 PM
He probably notifies the NSA first, then reveals the security flaws to MS only after the NSA have fully exploited them. MS probably can't pay him enough, since Snowden has shown everyone what happens to people who cross the NSA.
"We are going to continue to work with them to make sure they understand the reality of the Internet. A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis
Apple Releases iOS 7.1, The First Major Update to Its "Rethought" Mobile OS
March 10, 2014, 1:52 PM
Windows 8.1 Update 1 Leaked Early
March 7, 2014, 9:30 AM
Xbox One Gets Beta Version of "Project Spark" Starting Today
March 4, 2014, 2:33 PM
Cortana Voice Assistant Coming to Windows Phone in New 8.1 Update
March 3, 2014, 1:09 PM
Microsoft Launches Site to Tell Clueless Customers if They're Running XP
March 3, 2014, 12:34 PM
With Windows XP Support Ending Soon, Microsoft Uses Pop-ups to Encourage Upgrades
March 3, 2014, 9:43 AM
Most Popular Articles
Bitcoin King Pt. II: Mt. Gox's Dictator Karpelès Proves Tragically Flawed
March 7, 2014, 1:12 PM
Hack Reveals Fallen Bitcoin CEO's Posh Tokyo Penthouse
March 10, 2014, 4:28 PM
Tesla Motors Calls New Jersey Out on New Rule Against Its Direct Sales Model
March 11, 2014, 12:01 PM
NASA Considering SpaceX "Red Dragon" for Returning Mars Samples to Earth
March 10, 2014, 2:43 PM
India Could Rock Google With Its Biggest Antitrust Fine Yet -- $5B USD
March 10, 2014, 8:12 PM
Latest Blog Posts
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
Is The Period Becoming an Expression of Anger?
Nov 26, 2013, 2:02 PM
NSA and Congress -- You Will Never Kill the Constitution, It's an Idea
Nov 10, 2013, 2:00 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information