Microsoft awards over $100,000 to expert for finding bugs

BOSTON Tue Oct 8, 2013 3:38pm EDT

BOSTON Oct 8(Reuters) - Microsoft Corp is paying a hacking expert more than $100,000 for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.

James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft's first $100,000 bounty for identifying a new "exploitation technique" in Windows, which will allow it to develop defenses against an entire class of attacks, the software maker said on Tuesday.

Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft's Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog.

Microsoft unveiled the rewards programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the vast majority of the world's personal computers.

Forshaw has also won a similar award from Hewlett-Packard Co for identifying a way to "pwn," or take ownership of Oracle Corp's Java software.

Microsoft was scheduled to release an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month. Security experts say that hackers had exploited that flaw to launch attacks on companies in Asia in an operation that the cybersecurity firm FireEye has dubbed DeputyDog.

A couple walks along the rough surf during sunset at Oahu's North Shore, December 26, 2013. REUTERS/Kevin Lamarque

Find your dream retirement town

Florida? Hawaii? Reuters has teamed up with Zillow to give you the power to customize a list of your best places to retire.  Video | Full Article