If you thought Facebook’s recent $12,500 payout to ‘white hat’ hacker Arul Kumar was something to get excited about, think again. Microsoft just handed over almost 10 times that to an expert who found security vulnerabilities in the computer giant’s software.
Reuters is reporting it as one of the highest bounties yet awarded for such work.
The recipient of the payout is one James Forshaw, head of vulnerability research at London-based security consulting firm Context Information Security. The computer wizard was rewarded for discovering a new exploitation technique in Windows that will help the Redmond-based company shore up its security on multiple levels and “develop defenses against entire classes of attack,” Katie Moussouris, senior security strategist at the Microsoft Security Response Center, wrote in a blog post.
Moussouris thanked Forshaw and five others “on behalf of over a billion customers” for their contributions to the company’s bounty program which since June has invited researchers to inform it of vulnerabilities in Microsoft software.
Forshaw is already known to the company – the computer giant recently paid him a more modest $9,400 for bringing attention to several vulnerabilities in a preview release of Internet Explorer 11.
According to a Black Hat profile of the consultant, Forshaw has been “involved with computer hardware and software security for almost 10 years with a skill set which covers the bread and butter of the security industry such as application testing, through to more bespoke product assessment, vulnerability analysis and exploitation.”
Financial rewards paid by tech companies to researchers for identifying security flaws have become an important part of software development.
Google, for example, has paid out almost $600,000 since 2010 to so-called ‘ethical’ hackers who’ve found security weaknesses in its online tools. Mozilla has handed out a similar amount, while Facebook runs a Bug Bounty program with cash payouts offered.
- Intel opens bug hunt to all security researchers, offers possible $250K payout
- Microsoft will pay you up to $250,000 to find Spectre-like flaws
- How Google’s ‘Project Zero’ task force races hackers to snuff out bugs
- Microsoft misses another Edge-related 90-day security disclosure deadline
- Hackers can bypass the Windows 10 S lockdown due to security flaw