Friday, October 11, 2013

Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program

Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program
Microsoft today announced that they had paid more than $28,000 in rewards to Security Researchers for its firstBug Bounty program, that went on for a month during the preview release of Internet Explorer 11 (IE11).


The program was designed to run during Internet Explorer 11’s browser beta test on June 26 and went on till July 26. They said it would pay researchers up to $11,000 for each Internet Explorer 11 vulnerability they found.
In July, the company announced that the first such bounty award was given to a current employee of Google, Ivan Fratric. Today Microsoft has released the names of all the people who the company said found vulnerabilities that qualified for a bounty and paid out $28k a total of six researchers for reporting 15 different bugs.
  • James Forshaw, Context Security
    • 4 Internet Explorer 11 Preview Bug Bounty - $4,400
    • 1 Bonus for finding cool IE design vulnerabilities - $5,000
  • Jose Antonio Vazquez Gonzalez, Yenteasy - Security Research
    • 5 Internet Explorer 11 Preview Bug Bounty vulnerabilities - $5,500
  • Ivan Fratric, Google, Inc security team
    • Internet Explorer 11 Preview Bug Bounty $1,100 - Donated to Save the Children Fund
  • Masato Kinugawa
    • 2 Internet Explorer 11 Preview Bug Bounty vulnerabilities - $2,200
  • Fermin J. Serna, Google, Inc
    • 1 Internet Explorer 11 Preview Bug Bounty $500 - Donated to Save the Seattle Humane Society
  • Peter Vreugdenhil, Exodus Intelligence
    • 1 Internet Explorer 11 Preview Bug Bounty – Tier 1
Interestingly some submissions were from Google engineers, but the money was donated to the Save The Children Fund and other Charities.

Microsoft is set to release the final version of Internet Explorer 11 for Windows 8 and RT on October 17 alongside Windows 8.1.

Microsoft is also running two more software bounty programs. One will pay up to $100,000 to developers who find truly novel exploitation techniques in Windows 8.1, while the other will pay up to $50,000 for defensive ideas that block a qualifying mitigation bypass technique.

No comments:

facebook frnds

About Me