In June, Microsoft announced new "bounty programs" for people who could find exploits inside Windows 8.1 or vulnerabilities in the Internet Explorer 11 preview. This week, Microsoft announced that it has already informed one person that he has won money for finding an issue in IE11.
In a post on Microsoft's BlueHat blog penned by Katie Moussouris, a senior security strategist at Microsoft, the following announcement was made:
The security community has responded enthusiastically to our new bounty programs, submitting over a dozen issues for us to investigate in just the first two weeks since the programs opened. I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)
While Moussouris did not name who won the first IE11 bug bounty in the blog, she used her Twitter account this week to name and congratulate the winner. He is Ivan Fratric, who actually won $50,000 in 2012 in Microsoft's BlueHat security programming contest. Fratric is currently working as an information security engineer at Google. It is currently unknown just how much Microsoft paid Fratric for his IE11 bug hunting, but Microsoft promised to pay up to $11,000 for each confirmed exploit.
While the Windows 8.1 bounty program is ongoing, the IE11 preview bounty program will end on July 26. Moussouris said a number of other researchers have also found exploits in IE11 and will be notified of that fact very soon. She added that as a result of this new bounty program, Microsoft has received more vulnerability reports than it normally does and has received more reports from security researchers who rarely, if ever, directly contact Microsoft.