$100K Microsoft Bug Bounty Winner Says He Has Lost Most Of His Reward
Ryan Martin / 6 years ago
Just two days ago we brought you the news that a security researched bagged a healthy $100,000 “bug bounty” from Microsoft for discovering a major class of security vulnerability in its Windows 8.1 operating system. Now the British security researcher James Forshaw has been speaking to the press about his most recent accolade stating it isn’t as impressive as it seems.
James Forshaw works for a company called Context Information Security and he claims by the time they have taken “their cut” and then the taxman takes his cut, there isn’t actually much leftover for himself.
“When it comes to the bounties given for finding security flaws like this, most of it goes to the company you work for, and even if it didn’t, once the taxman has taken his cut it’s certainly not a life changing monetary sum – we’re not talking retirement money here.”
For those who cannot remember James Forshaw discovered a “mitigation bypass” class of vulnerability within Windows 8.1 that left it vulnerable to a whole different array of security exploits. It isn’t uncommon for big companies like Microsoft to outsource their code to security experts in return for discovering these types of vulnerabilities and they certainly chuck big money into it.
Image courtesy of Context Information Security/PA Wire