Microsoft awards hacking expert $100k for plugging Windows 8 security hole
Microsoft paid a well-known hacking expert more than $100,000 for locating security vulnerabilities in its Windows 8 software. This payout is one of the largest awarded to date by a big tech company. In addition, the software giant also released an update to Internet Explorer, which it said fixed a bug that made users vulnerable to remote attacks from hackers.
The man who located the security threat in Microsoft's software is none other than James Forshaw, who heads vulnerability research at Context Information Security, a company based in London. Forshaw is not new to the idea of being paid big by Microsoft. According to a Reuters report, he earned $9,400 for locating a vulnerability in Internet Explorer.
Forshaw also earned a massive bounty from HP after identifying a way to take complete control of Oracle's Java software. Since Java is always in the spotlight when it comes to security problems, we're guessing it wasn't too difficult for Forshaw to locate security problems within the software.
According to VentureBeat, the reason Microsoft chose to pay Forshaw over $100,000 has much to do with the sheer creativity of his methods.
"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," Microsoft senior security strategist Katie Moussouris said. "This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."
At the moment, Microsoft is unable to go into more detail about the hack since it is a zero-day exploit. We expect Microsoft to release more information on the vulnerability than it usually has in the past. This should come whenever the company releases a software update with a patch to plug the holes. There is also no word on when that patch might find its way to consumers. However, knowing Microsoft, it might take a very long time.
Those who have the skills and patience to locate security vulnerabilities have the option to report bugs via Microsoft's bounty program. And, if you're lucky, you might just follow in the footsteps of James Forshaw by earning thousands of dollars.