lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Oct 2013 22:43:44 -0400 From: Jeffrey Walton <noloader@...il.com> To: FunSec List <funsec@...uxbox.org>, Full Disclosure List <full-disclosure@...ts.grok.org.uk> Subject: Microsoft Pays Security Researcher James Forshaw $100, 000 For Windows 8 Flaw It looks like Microsoft might be one of the better corporations to do free security work for (or maybe you have to be a Microsoft employee for the big payouts). What's Yahoo up to now? A free coffee mug and t-shirt plus a pair of boxers? http://pulse2.com/2013/10/10/microsoft-james-forshaw-bounty-program-94944/ Microsoft has put together a pot of $150,000 to pay prizes to security researchers that that find vulnerabilities in Windows and Internet Explorer and reporting them. This is known as a “bounty program” and Microsoft uses this information to fix issues before malware hackers go after it. On Tuesday, Microsoft gave James Forshaw $100,000 for helping them improve their platform-wide security by leaps. “Coincidentally, one of our brilliant engineers at Microsoft, Thomas Garnier, had also found a variant of this class of attack technique. Microsoft engineers like Thomas are constantly evaluating ways to improve security, but James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty,” stated Microsoft Security Response Center senior security strategist Katie Moussouris in a blog post [0]. Over the last couple of months, Microsoft has paid out $128,000 to security researchers that have found flaws in Windows and Internet Explorer. Forshaw was paid another $9,400 for finding bugs in the latest version of Internet Explorer. [0] http://blogs.technet.com/b/bluehat/archive/2013/10/08/congratulations-to-james-forshaw-recipient-of-our-first-100-000-bounty-for-new-mitigation-bypass-techniques.aspx _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists