According to a report by Reuters, Microsoft's payout is one of the highest bounties ever awarded for this type of work. Microsoft has traditionally shied away from paying bounties for security issues, but earlier this year the company announced its first bug bounties.
The recipient of the payout, James Forshaw, is the head of vulnerability research at London-based security consulting firm Context Information Security. Forshaw, a professional hacker and computer wizard, collected the bounty for discovering a new exploitation technique in Windows. His discovery will help Microsoft shore up its security on multiple levels. It will also help “develop defenses against entire classes of attack,” Katie Moussouris, senior security strategist at the Microsoft Security Response Center, wrote in her blog post.
This was not Microsoft's first time working with Forshaw. He was recently paid a more modest $9,400 by the computer giant for bringing to its attention several vulnerabilities in a preview release of Internet Explorer 11.
Forshaw's Black Hat profile states that the consultant has been “involved with computer hardware and software security for almost 10 years with a skill set which covers the bread and butter of the security industry such as application testing, through to more bespoke product assessment, vulnerability analysis and exploitation.”
Over the years, financial payouts by tech companies to researchers and hackers have become an important step in software development.
"The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack," Moussouris added. Although the IE11 bug bounty program is now closed, Microsoft is still seeking out Windows 8.1 bugs. So far Microsoft has paid out over $128,000.