In October, Microsoft awarded its top bounty reward of $100,000 for the first time to security researcher James Forshaw for his discovery of a mitigation bypass exploit in Windows 8.1. This week, the company revealed that it has given out another $100,000 prize to researcher Yu Yang for finding and reporting variants on the Mitigation Bypass.
The $100,000 reward was posted up quietly on Microsoft"s Bounty Hunter honor roll page and also revealed via Twitter by Katie Moussouris, the company"s Senior Security Strategist Lead.
From Redmond with love! Congrats Yu Yang (@tombkeeper) on $100,000 in new bounty awards! Quarter mil in #MSBounties https://t.co/MDxLazhPxv
— Katie Moussouris (@k8em0) February 14, 2014
Yu Yang, who works for NSFOCUS Security Labs, used his own Twitter account to acknowledge his new $100,000 bounty and also seemed to hint he might have more reports to hand into Microsoft:
@k8em0 In order to express my thanks for your congratulation, maybe I should submit more. :-)
— Yang Yu (@tombkeeper) February 15, 2014
Since first announcing the new software bounty program in June, Microsoft has awarded a total of $253,000 to seven security researchers for finding problems in Windows 8.1 and also in the preview version of Internet Explorer 11.
Source: Microsoft | Image via Microsoft