BOSTON Oct 8Microsoft Corp is paying a
hacking expert more than $100,000 for finding security holes in
its software, one of the largest such bounties awarded to date
by a high-tech company.
James Forshaw, who heads vulnerability research at
London-based security consulting firm Context Information
Security, won Microsoft's first $100,000 bounty for identifying
a new "exploitation technique" in Windows, which will allow it
to develop defenses against an entire class of attacks, the
software maker said on Tuesday.
Forshaw earned another $9,400 for identifying security bugs
in a preview release of Microsoft's Internet Explorer 11
browser, Katie Moussouris, senior security strategist with
Microsoft Security Response Center, said in a blog.
Microsoft unveiled the rewards programs four months ago to
bolster efforts to prevent sophisticated attackers from
subverting new security technologies in its software, which runs
on the vast majority of the world's personal computers.
Forshaw has also won a similar award from Hewlett-Packard Co
for identifying a way to "pwn," or take ownership of
Oracle Corp's Java software.
Microsoft was scheduled to release an automatic update to
Internet Explorer on Tuesday afternoon to fix a security bug
that it first disclosed last month. Security
experts say that hackers had exploited that flaw to launch
attacks on companies in Asia in an operation that the
cybersecurity firm FireEye has dubbed DeputyDog.