The culture of awarding individuals or organizations who report vulnerabilities is growing with more and more major companies participating. The latest example is from Microsoft who has just awarded a security researcher with $100,000 for identifying an exploit to circumvent the protections schemes in Windows 8.1.
Microsoft recently awarded the security researcher, James Forshaw, with $100,000 for reporting and demonstrating a Windows 8.1 exploit that could circumvent the built-in security schemes in the system. According to Microsoft, a similar attack vector was known previously, although Microsoft still decided to award Forshaw based on the very high quality of the report which also included multiple variants of the same attack.
James Forshaw states that the attack took approximately two weeks of work to create, although this is considering that Forshaw has extensive experience in the field of security. Still, two weeks worth of work for $100,000 is a pretty high pay off.
The latest example by Microsoft further demonstrates that the culture of awarding individuals and also organizations for reporting security vulnerabilities is here to stay and as an example, also Google and Yahoo has award systems in place for security researchers who manage to hack or crack their systems.
No comments:
Post a Comment