Microsoft pays a total of over $28,000 to six IE11 preview exploit discoverers

In June, Microsoft announced that it would hold a limited 30-day bounty program for people who could find exploits in the preview version of Internet Explorer 11, with Microsoft willing to pay up to $11,000 for each bug that was reported. In July, the company announced that the first such bounty award was given to a current employee of Google, Ivan Fratric.

Now that the IE11 preview bounty program has been completed, Microsoft has released the names of all the people who the company said found "vulnerabilities that qualified for a bounty". Ultimately, Microsoft awarded a total of over $28,000 to six people who found and informed Microsoft of 15 separate issues with the IE11 preview.

The actual list of the people and their award amounts is posted on a separate page. They include Fratric, who received $1,100 for his efforts, which he donated to the Save The Children Fund. Another Google employee, Fermin J. Serna, was awarded $500 for his own discovery, which he donated to the Save the Seattle Humane Society.

James Forshaw of Context Security found four vulnerabilities in the IE11 preview version and got $4,400 for his efforts, plus an extra $5,000 for "finding cool IE design vulnerabilities." Jose Antonio Vazquez Gonzalez of Yenteasy Security Research found five more IE11 preview exploits and received $5,500. Masato Kinugawa reported two more vulnerabilities and received $2,200 from Microsoft.

Finally, Peter Vreugdenhil of Exodus Intelligence found one IE11 exploit. His specific reward is not listed, but since Microsoft revealed that the other five bounty winners had received a total of $18,700, we can guess that Vreugdenhil received an amount at or near the upper limit of Microsoft's $11,000 bounty for his discovery.

Microsoft is still running two more software bounty programs. One will pay up to $100,000 to developers who find "truly novel exploitation techniques" in Windows 8.1, while the other will pay up to $50,000 for "defensive ideas that block a qualifying mitigation bypass technique." So far, Microsoft has yet to name anyone who has received an award under either of those two programs.

Source: Microsoft

7 Comments


Surprised at least one person from Vupen isn't on the list. They normally have a few vulns but are maybe waiting for a competition!
Hopefully Microsoft continues offering these bounties so that exploits get to them first rather than out on the black market...
Anyone know what "cool IE design vulnerabilities" are?

theyarecomingforyou said,
I suppose paying for exploits is cheaper than paying developers a full-time salary.

eh?... this is just an incentive for external parties to turn in exploits found... sometimes you need an external view in of a project... when you are the ones writing it, you tend to not look at it the same way as someone else trying to get into it would

theyarecomingforyou said,
I suppose paying for exploits is cheaper than paying developers a full-time salary.

This makes sense. It's difficult for a developer to exploit his own work.

Sometimes you need an external perspective when dealing with unknown issues in software, especially when security and stability are concerned.

theyarecomingforyou said,
I suppose paying for exploits is cheaper than paying developers a full-time salary.

They're not paying third-parties to fix those vulnerabilities, only to find them.

That said, I do realize you're just trolling.