Microsoft announced the new security bounty programs last year and it have now paid out over $253,000 over to various security experts around the world. In October last year, Microsoft announced their first ever $100,000 bounty for James Forshaw for finding a new class of attack technique on Microsoft’s products. Recently, Microsoft awarded another $100,000 bounty for Yu Yang (@tombkeeper) from NSFOCUS Security Labs.
The following researchers have submitted a qualifying vulnerability or new mitigation bypass techniques to Microsoft as part of the Microsoft Security Response Center (MSRC) Bounty Programs. We thank them greatly for their participation and for working with us to help keep customers safe.
Yu Yang (@tombkeeper), NSFOCUS Security Labs
Mitigation Bypass variants – $100,000
Yu Yang tweeted the following,
@k8em0 In order to express my thanks for your congratulation, maybe I should submit more.
— Yang Yu (@tombkeeper) February 15, 2014