lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 10 Oct 2013 22:43:44 -0400
From: Jeffrey Walton <noloader@...il.com>
To: FunSec List <funsec@...uxbox.org>, 
 Full Disclosure List <full-disclosure@...ts.grok.org.uk>
Subject: Microsoft Pays Security Researcher James Forshaw
 $100, 000 For Windows 8 Flaw

It looks like Microsoft might be one of the better corporations to do
free security work for (or maybe you have to be a Microsoft employee
for the big payouts).

What's Yahoo up to now? A free coffee mug and t-shirt plus a pair of boxers?

http://pulse2.com/2013/10/10/microsoft-james-forshaw-bounty-program-94944/

Microsoft has put together a pot of $150,000 to pay prizes to security
researchers that that find vulnerabilities in Windows and Internet
Explorer and reporting them.  This is known as a “bounty program” and
Microsoft uses this information to fix issues before malware hackers
go after it.  On Tuesday, Microsoft gave James Forshaw $100,000 for
helping them improve their platform-wide security by leaps.

“Coincidentally, one of our brilliant engineers at Microsoft, Thomas
Garnier, had also found a variant of this class of attack technique.
Microsoft engineers like Thomas are constantly evaluating ways to
improve security, but James’ submission was of such high quality and
outlined some other variants such that we wanted to award him the full
$100,000 bounty,” stated Microsoft Security Response Center senior
security strategist Katie Moussouris in a blog post [0].

Over the last couple of months, Microsoft has paid out $128,000 to
security researchers that have found flaws in Windows and Internet
Explorer.  Forshaw was paid another $9,400 for finding bugs in the
latest version of Internet Explorer.

[0] http://blogs.technet.com/b/bluehat/archive/2013/10/08/congratulations-to-james-forshaw-recipient-of-our-first-100-000-bounty-for-new-mitigation-bypass-techniques.aspx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists