Microsoft Awards First $100,000 Bug Bounty to Security Researcher
October 9, 2013 10:29 AM
comment(s) - last by
The same security researcher has earned the vast majority of all Microsoft payouts for bugs
Microsoft has announced that it awarded its first $100,000 bounty to a security researcher named James Forshaw. Forshaw is a security vulnerability researcher with Context Information Security and had previously found design level bugs during the IE11 Preview Bug Bounty.
Microsoft declined to go into any details about the new mitigation bypass technique Forshaw uncovered until it has addressed the attack. Microsoft says that it will be able to better protect customers by creating new defenses for future versions of its products.
Microsoft did note that one of its engineers named Thomas Garnier had also discovered a variant of this attack technique.
Despite this revelation, Microsoft says that it decided to get the full $100,000 to Forshaw. Microsoft says that it pays so much more for new attack techniques versus discovery of individual bugs because new mitigation bypass techniques allow Microsoft to develop defenses against an entire class of attack.
Microsoft said, "The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."
Microsoft has paid out over $128,000 in its bug bounty programs so far. Interestingly, Forshaw has earned $109,400 of that total payout.
This article is over a month old, voting and posting comments is disabled
10/9/2013 4:14:22 PM
I love how he's received "the vast majority" of their bug bounty payouts, 109,000 out of 125,000. But according to the source article those numbers include the 100,000 he just earned. So yeah... of course he has received the majority, he just received 4x more than the program had paid out to date.
So, saying they should just hire him... well, look at it this way. If he hadn't found the vulnerability they wouldn't have had to pay him. If he's on the payroll they're out at least 6 figures each and every year regardless of if he finds something or not.
"A lot of people pay zero for the cellphone ... That's what it's worth." -- Apple Chief Operating Officer Timothy Cook
Confirmed: Next Generation of Windows to Be Announced on September 30
September 15, 2014, 4:43 PM
Microsoft Buys Minecraft Dev for $2.5B USD, Pledges Cross-Platform Support Won't Die
September 15, 2014, 12:15 PM
NPD: PC Gamers Tend to Earn More Than Console Gamers
September 12, 2014, 5:22 PM
Grand Theft Auto V for Xbox One, PS4 Launches Nov 18; PC Version Lands Jan 27
September 12, 2014, 9:04 AM
Microsoft Exec Reveals Steve Ballmer Created Original Blue Screen of Death Message
September 4, 2014, 2:10 PM
Microsoft Axes 1,500 Misleading Windows Apps, Crackdown Ongoing
August 28, 2014, 11:56 AM
Most Popular Articles
Dell Announces "World's Thinnest" Tablet: The Venue 8 7000 Series
September 11, 2014, 8:51 AM
Apple Announces Its Smartwatch: The $349 Apple Watch
September 9, 2014, 2:09 PM
Quick Note: Buy an Xbox One Sept 7-13, Get a Free Game
September 4, 2014, 10:42 AM
Quick Note: Microsoft to Ditch Windows Phone, Nokia Branding
September 10, 2014, 2:14 PM
Apple Announces 4.7" iPhone 6, 5.5" iPhone 6 Plus
September 9, 2014, 1:45 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information