Microsoft awards over $100,000 to expert for finding bugs

Reuters

By Jim Finkle

BOSTON, Oct 8 (Reuters) - Microsoft Corp is paying a hacking expert more than $100,000 for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.

James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft's first $100,000 bounty for identifying a new "exploitation technique" in Windows, which will allow it to develop defenses against an entire class of attacks, the software maker said on Tuesday.

Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft's Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog.

Microsoft unveiled the rewards programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the vast majority of the world's personal computers.

Forshaw has also won a similar award from Hewlett-Packard Co for identifying a way to "pwn," or take ownership of Oracle Corp's Java software.

Microsoft was scheduled to release an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month. Security experts say that hackers had exploited that flaw to launch attacks on companies in Asia in an operation that the cybersecurity firm FireEye has dubbed DeputyDog.
