Microsoft Pays Security Researcher James Forshaw $100,000 For Windows 8 Flaw

Posted Oct 10, 2013

Microsoft has put together a pot of $150,000 to pay prizes to security researchers that that find vulnerabilities in Windows and Internet Explorer and reporting them.  This is known as a “bounty program” and Microsoft uses this information to fix issues before malware hackers go after it.  On Tuesday, Microsoft gave James Forshaw $100,000 for helping them improve their platform-wide security by leaps.

“Coincidentally, one of our brilliant engineers at Microsoft, Thomas Garnier, had also found a variant of this class of attack technique. Microsoft engineers like Thomas are constantly evaluating ways to improve security, but James? submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty,” stated Microsoft Security Response Center senior security strategist Katie Moussouris in a blog post.

Over the last couple of months, Microsoft has paid out $128,000 to security researchers that have found flaws in Windows and Internet Explorer.  Forshaw was paid another $9,400 for finding bugs in the latest version of Internet Explorer.