| 17.2°C Belfast

Microsoft bug bounty for Briton


It is the first time Microsoft has paid out such a big bounty

It is the first time Microsoft has paid out such a big bounty

It is the first time Microsoft has paid out such a big bounty

Microsoft has paid out a 100,000 US dollars (£62,450) bounty to a British security researcher who discovered a bug in a preview version of the Windows 8.1 system.

James Forshaw, who works for Context Information Security, found a way of getting round the software's in-built defences, which could have been exploited by hackers.

It is the first time the giant corporation has paid out such a big bounty, and Microsoft believes the information will make its new system more secure when it is released.

Katie Moussouris, Microsoft senior security strategist, said: "While we can't go into the details of this new mitigation bypass technique until we address it, we are excited that we will be better able to protect customers by creating new defences for future versions of our products because we learned about this technique and its variants.

"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defences against entire classes of attack.

"This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers.

"When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications."

Mr Forshaw, 34, who lives in London, said: "My total research process was about three-and-a-half weeks because I had a few false starts.

"I brainstormed lots of ideas and the first few didn't come to anything before I hit on one that was successful.

"There was two weeks of development from that initial concept to the final product I sent to Microsoft.

"But I have over 10 years' experience in this field."

The head of vulnerability research said the bounty was good for the business.

"It's quite nice to get that recognition and have some satisfaction in my peers acknowledging that I am good in my field," he added.

He previously won a smaller bounty for finding a vulnerability in the Internet Explorer 11 system.

Daily Headlines & Evening Telegraph Newsletter

Receive today's headlines directly to your inbox every morning and evening, with our free daily newsletter.

This field is required

Top Videos