Microsoft set aside $US150,000 to pay prizes to security researchers for ripping up Windows and Internet Explorer and telling Microsoft about the holes they find.
That’s called a bounty program and Microsoft uses it to find vulnerabilities before bad-guy hackers do.
On Tuesday it awarded $US100,000 of the pot to just one guy, James Forshaw, a security researcher at Context Security.
Microsoft didn’t describe the security attack that Forshaw created. It wants to be able to fix the problem before it talks about it. But it did say he found something huge, “an entire class of issues.”
When Microsoft launched the program in June, it said that to get a $US100,000 payout, the researcher would have to come up with a “truly novel” technique that breaks the security protections built into Windows 8.1. The hack had to be one that could let a bad guy control a Windows PC over the Internet, the most dangerous kind of flaw.
In just a couple of months, Microsoft has so far paid out over $US128,000 to security researchers who have found flaws in Windows and Internet Explorer, it said, mostly in increments ranging from $US500 to $US5,500. Forshaw was also paid another $US9,400 for finding bugs in the latest version of Internet Explorer.
Interestingly, of the six researchers who have won bounties from Microsoft so far, two work for Google. Both of the Google researchers donated their cash prizes to charity. Guess finding holes in Windows was its own reward.