Microsoft has paid a researcher $100,000 (£62k) for his method of bypassing the security of the Windows operating system.
James Forshaw, of Context Information Security, was the recipient, although Microsoft said it couldn’t go into detail on the bypass techniques he used until it has addressed them.
Forshaw’s reward is part of the recently-launched Mitigation Bypass Bounty programme, which rewards proof of serious exploits rather than just bugs. That operates alongside Microsoft’s traditional bug bounty.
“The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack,” said Katie Moussouris, senior security strategist lead at Microsoft Trustworthy Computing, in a blog post.
“This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.”
Microsoft had only just announced more than $28,000 of rewards as part of its first bug bounty programme.
Peter Vreugdenhil, of Exodus Intelligence, which formed out of HP’s Zero Day Initiative, received the most from that lot with a $10,000 prize. Forshaw had already won $9,400 for his bug finds.
Internet companies have been ramping up their bug bounty efforts in recent months. Yahoo announced its own version recently, which will award prizes of up to $15,000, after it was slammed for handing out vouchers for company merchandise when bug reports came in.
Sorry, there’s no cash reward, but still Try our security quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…