Google Employee Awarded First Microsoft Bug Program Bounty
In June, Microsoft announced new “bounty programs” for people who could find exploits inside Windows 8.1 or vulnerabilities in the Internet Explorer 11 preview. This week, Microsoft announced that it has already informed one person that he has won money for finding an issue in IE11.
According to a post published by Katie Moussouris, senior security strategist at Microsoft, the company has already paid one security engineer for finding a glitch in Internet Explorer 11, but no specifics have been provided.
“The security community has responded enthusiastically to our new bounty programs, submitting over a dozen issues for us to investigate in just the first two weeks since the programs opened. I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)” Moussouris wrote.
And still, Moussouris mentioned the name of the lucky winner in a short tweet the past week, revealing that he’s none other than Ivan Fratric, a Google information security engineer who also won $50,000 (€38,300) in 2012 in the software maker’s BlueHat contest.
While the Windows 8.1 bounty program is ongoing, the IE11 preview bounty program will end on July 26. Moussouris said a number of other researchers have also found exploits in IE11 and will be notified of that fact very soon. The reported vulnerabilities can qualify for bounties between $500 and $11,000, or even more in particular cases, depending on the gravity of the vulnerability and the quality of the report.