SOFTWARE REDEVELOPER Microsoft has started paying out bug bounties to third parties and has rewarded one chap with $100,000.
That's over £60,000 in UK money, and it isn't the only payout made by the firm. James Forshaw from Content Information Security got the $100,000 prize for finding a new exploit called a "mitigation bypass technique".
Forshaw also picked up cash for discovering some other software vulnerabilities and was awarded a $5,000 bonus for "finding cool IE design vulnerabilities," giving him a total payout of $109,400.
"James already came in hot with design level bugs he found during the IE11 Preview Bug Bounty, and we're thrilled to give him even more money for helping us improve our platform-wide security by leaps," said Katie Moussouris, senior security strategist at the Microsoft Security Response Center in a blog post.
"While we can't go into the details of this new mitigation bypass technique until we address it, we are excited that we will be better able to protect customers by creating new defenses for future versions of our products because we learned about this technique and its variants."
Microsoft has now paid out over $128,000 in bug bounties. Six "very smart people" received the prizes, said Moussouris.
Not all of them kept the cash. Ivan Fratric of the Google security team was awarded $1,100 for finding an Internet Explorer 11 (IE 11) bug, but donated it to the Save the Children Fund. Fermin Serna, also from Google, gave $500 for finding a bug in the IE 11 Preview release to the Seattle Humane Society.
Forshaw got the largest bug bounty amount and his closest rival, Jose Antonio Vazquez Gonzalez from Yenteasy Security Research came second with $5,500 as his reward for finding five Internet Explorer 11 Preview bugs. µ
Sign up for INQbot – a weekly roundup of the best from the INQ