Few days Microsoft awarded James Forshaw and 5 other security researchers bounty, for the Vulnerabilities they found in Internet explorer 11 preview bug bounty program.
Katie Moussouris security analyst at microsoft said in a blog post that, the mitigation bypass technique discovered by James, was so effective that Microsoft awarded first ever $100,000 bounty to him.
‘Coincidentally, one of our brilliant engineers at Microsoft, Thomas Garnier, had also found a variant of this class of attack technique. Microsoft engineers like Thomas are constantly evaluating ways to improve security, but James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty.’ blog post from microsoft staed.
The mtigation Bypass Technique will not be discloed untill we address it, the blog post stated.
They also said the reason to award such a big bounty amount is that this mitigation Bypass Technique will help them to develop defenses against entire classes of attack. it will help to strengthen platform wide-mitigations which will make difficult to exploit bugs running on microsofts platform.
James Forshaw have received a total of $109,400 from microsoft’s bounty program. including the one of $100,000 bounty for new mitigation Bypass Techniques.
Microsoft have thanked Forshaw for his contributions which will surely help to strengthen their platform.
And this will also encourage others to keep trying and report vulnerabilities to win bounty programes.