In June, Microsoft announced that it would hold a limited 30 day bounty program for people who could find exploits in the preview version of Internet Explorer 11, with Microsoft willing to pay up to $11,000 for each bug that was reported. In July, the company announced that the first such bounty award was given to a current employee of Google, Ivan Fratric.
Now that the IE11 preview bounty program has been completed, Microsoft has released the names of all the people who the company said found "vulnerabilities that qualified for a bounty". Ultimately, Microsoft awarded a total of over $28,000 to six people who found and informed Microsoft of 15 separate issues with the IE11 preview.
The actual list of the people, and their award amounts, are posted on a separate page. They include Fratric, who received $1,100 for his efforts, which he donated to the Save The Children Fund. Another Google employee, Fermin J. Serna, was awarded $500 for his own discovery, which he donated to the Save the Seattle Humane Society.
James Forshaw of Context Security found four vulnerabilities in the IE11 preview version and got $4,400 for his efforts, plus an extra $5,000 for "finding cool IE design vulnerabilities." Jose Antonio Vazquez Gonzalez of Yenteasy Security Research found five more IE11 preview exploits and received $5,500. Masato Kinugawa reported two more vulnerabilities and received $2,200 from Microsoft.
Finally, Peter Vreugdenhil of Exodus Intelligence found one IE11 exploit. His specific reward is not listed but since Microsoft revealed that the other five bounty winners had received a total of $18,700, we can guess that Vreugdenhil got near to or at the upper limit of Microsoft's $11,000 bounty for his discovery.
Microsoft is still running two more software bounty programs. One will pay up to $100,000 to developers who find "truly novel exploitation techniques" in Windows 8.1, while the other will pay up to $50,000 for "defensive ideas that block a qualifying mitigation bypass technique." So far, Microsoft has yet to reveal anyone who has been given awards for those two programs.
Source: Microsoft | Image via Microsoft
7 Comments - Add comment