Microsoft awards over $100,000 to hacking expert for finding bugs
Microsoft Corp. is paying a hacking expert more than $100,000 for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.
James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft’s first $100,000 bounty for identifying a new “exploitation technique” in Windows, which will allow it to develop defenses against an entire class of attacks, the software maker said on Tuesday.
Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft’s Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog.
Microsoft unveiled the rewards programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the vast majority of the world’s personal computers.
Forshaw has also won a similar award from Hewlett-Packard Co for identifying a way to “pwn,” or take ownership of Oracle Corp’s Java software.
Microsoft was scheduled to release an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month. Security experts say that hackers had exploited that flaw to launch attacks on companies in Asia in an operation that the cybersecurity firm FireEye has dubbed DeputyDog.