More and more tech companies are using bounty programs to eliminate dangerous security flaws in their software.
Bounty programs reward people for discovering software flaws. Google was the first major company to fuel bug bounty programs, and now it seems that most software companies offer at least some type of incentive.
Google generally pays between $1,000 and $10,000 for security flaws discovered in its programs. Microsoft, however, blew that average figure out of the water by rewarding $100,000 to a security researcher named James Forshaw.
Forshaw came up with a new exploitation technique to get around the built-in security features of Windows 8.1. Forshaw is the second recipient of a bug bounty, although he was also one of a team of six researchers involved in the first bug bounty program earlier this year for Internet Explorer 11, which paid out $28,000 to the team.
$100,000 is Microsoft’s maximum bug bounty payout amount. Microsoft chose to give away the maximum amount of money due to the completeness of Forshaw’s response and his outline of several major exploitation techniques.
James Forshaw is actually one of the most prolific bug bounty researchers around today. The Australian security researcher has been a part of two big Microsoft payouts thus far and also recently received a bounty from HP’s TippingPoint after exploiting Java.
So congratulations to James Forshaw. Hopefully, the efforts of Forshaw and Microsoft will make Windows 8.1 and its software a safer environment for users. If Windows 8.1 is as disappointing as Windows 8, then Microsoft could be in big trouble.
You can read the full description of Microsoft’s bug bounty reward program at the official Microsoft BlueHat blog.