Software giant Microsoft pays $100,000 to James Forshaw, a white-hat hacker who found security holes in Windows 8.1. This is the biggest amount Microsoft has ever paid someone for finding bugs.
James Forshaw is a well-known British hacking expert, and head of vulnerability research at London-based consulting firm Context Information Security.
Forshaw was rewarded for a new “exploitation technique” he found in Windows 8.1. In addition to that amount, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11.
Microsoft launched three bounty programs on June 26, 2013:
- Mitigation Bypass Bounty for $100,000 USD: Truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). (Won by Forshaw)
- BlueHat Bonus for Defense for $50,000 USD: Defensive ideas that accompany a qualifying Mitigation Bypass submission.
- Internet Explorer 11 Preview Bug Bounty for $11,000 USD: Critical vulnerabilities that affect Internet Explorer 11 Preview on the latest version of Windows (Windows 8.1 Preview). (Won by Forshaw)
“It’s quite nice to get that recognition and have some satisfaction in my peers acknowledging that I am good in my field,” Forshaw said.
Forshaw spent about a month researching ways to circumvent the various defenses Microsoft built into the working preview of Windows 8.1, and he got the money for his hard work, which allowed Microsoft to create defenses against an entire class of attacks.
“My total research process was about three-and-a-half weeks because I had a few false starts,” Forshaw said. “I brainstormed lots of ideas and the first few didn’t come to anything before I hit on one that was successful. There was two weeks of development from that initial concept to the final product I sent to Microsoft.”
Kate Moussouris, a senior security strategist at Microsoft, explained why Forshaw was paid a far larger amount for this technique than for his “Internet Explorer 11” bug:
While we can’t go into the details of this new mitigation bypass technique until we address it, we are excited that we will be better able to protect customers by creating new defenses for future versions of our products because we learned about this technique and its variants. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.