You might remember a while back we told you that Microsoft was starting a bounty program for its Windows 8.1 beta, a program which would pay users for discovering security vulnerabilities in its software. Well one hacker has been able to find and expose a major mitigation bypass technique, which Microsoft has agreed to pay $100,000 in return for.
The man responsible for finding the security flaw is James Forshaw, a security vulnerability researcher at Context Information Security. If you feel like $100,000 is a lot, here’s Microsoft’s explanation as to why it pays that much:
The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack. This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.
And that’s not all the money that Forshaw has been able to squeeze out of Microsoft. He had already claimed $9,400 for having found some smaller issues within Windows 8.1.
If you’re a code genius, you can submit your findings to Microsoft for money by going here. If you’re good at it, it seems like it could make for a nice part-time job.
