BOSTON: Microsoft Corp said yesterday that it is paying a well-known hacking expert more than $100,000 for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.
The software maker also released a much-anticipated update to Internet Explorer, which it said fixes a bug that made users of the world’s most popular browser vulnerable to remote attack.
James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft’s first $100,000 bounty for identifying a new “exploitation technique” in Windows. The discovery will allow Microsoft to develop defences against an entire class of attacks, the software maker said yesterday.
Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft’s Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog.
Microsoft unveiled the reward programmes four months ago.
Forshaw has been credited with identifying several dozen software security bugs. He was awarded a large bounty from Hewlett-Packard Co for identifying a way to “pwn,” or take ownership of, Oracle Corp’s Java software in a high-profile contest known as Pwn2Own (pronounced “pown to own”).