Microsoft’s first ever $100,000 bounty

by George Chetcuti [Published on 14 Oct. 2013 / Last Updated on 14 Oct. 2013]

Congratulations to James Forshaw for coming up with a new exploitation technique to get Microsoft’s first ever $100,000 bounty.

At the same time, one engineer at Microsoft, Thomas Garnier, had also found a variant of this class of attack technique. Microsoft engineers like Thomas are constantly evaluating ways to improve security, but James’ submission was of such high quality and outlined some other variants.

According to Katie Moussouris, the reason MS pays so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps MS develop defenses against entire classes of attack. 

Read more here - http://blogs.technet.com/b/bluehat/archive/2013/10/08/congratulations-to-james-forshaw-recipient-of-our-first-100-000-bounty-for-new-mitigation-bypass-techniques.aspx

Add Review or Comment

Featured Links