Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Microsoft Paid $100,000 for Finding Bug in Windows 8.1


Recommended Posts

The software giant has paid $100,000 to the UK researcher James Forshaw, who found a critical security flaw in Microsoft’s upcoming Windows 8.1 OS.
 
Forshaw, a researcher for the security company, has found a “mitigation bypassâ€. This hack circumvented the built-in protection systems that could have allowed intruders access to the system.
 
Microsoft said it couldn’t provide any details of that mitigation bypass technique until it found a way to address it. However, the software giant promised to strengthen platform-wide mitigations, and make it harder to exploit vulnerabilities in all software that runs on Windows platform, not only their own apps.
 
The researcher admitted it had taken him 25 days to find the bug, responding to “a very specific brief†from the software giant. Forshaw originally came up with the winning idea sitting at home and pondering what he could do. $100,000 bounty is a lot of money, but James Forshaw said that he wasn’t talking retirement money there. Indeed, when it comes to security flaw bounties like Microsoft’s, most of it goes to the company. Actually, even if it didn’t, after paying taxes it is already not a life-changing amount.
 
The researcher admitted that using outside experts was just part of the process due to the scale of the task involved. The software giant has a huge security department which actively looks for software bugs in its products, but it might be just a problem of being too close to the product – you simply cannot see the wood for the trees. Forshaw recommends to step back and take a look at the entire product and its interactions in order to find the higher-level flaws.
 
It seems that outsourcing is also important from a monetary point of view. In fact, the company couldn’t dedicate enough resources to find everything, because it is cheaper to pay external researchers bounties like this one. Apparently, there is only a finite pool of talented people who are able to find vulnerabilities in software products.
 
One can argue that the bugs and vulnerabilities should not exist in the first place, but everyone knows that humans are fallible and nobody can write perfect code.

4_logo.png

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...