Microsoft paid out over $28,000 in rewards under its first ever bug-bounty program that went on for a month during the preview release of Internet Explorer 11 (IE11).
The preview bug bounty program started on June 26 and went on till July 26 with Microsoft revealing at the time that it will pay out a maximum of $11,000 for each IE 11 vulnerability that was reported. The program was designed to run during IE11’s browser beta test run – a time when third-party bug brokers would normally decline to purchase flaws.
Microsoft paid out $28k a total of six researchers for reporting 15 different bugs. According to the Bounty Hunters: The honor roll page, Microsoft paid out $9,400 to James Forshaw of Context Security for pointing out design level vulnerabilities in IE11 as well as four IE11 flaws. Independent researcher Masato Kinugawa was paid out $2,200 for reporting two bugs. Jose Antonio Vazquez Gonzalez of Yenteasy Security Research walked off with $5,500 for reporting five bugs while Google engineers Ivan Fratric and Fermin J. Serna were each handed out $1,100 and $500 respectively.
Peter Vreugdenhil of Exodus Intelligence also reported a vulnerability, but the amount paid to him has been withheld. If we do a quick math, it seems that Vreugdenhil walked away with $10,000.
The $28k amount that Microsoft boasts off is just $1k more than what Google paid to external researchers last week under its own bug bounty program for reporting vulnerabilities in Chrome browser. Google is known for its rewards and Microsoft’s $28k is just 10 percent of what Google has paid so far to external researchers.
Microsoft is set to release the final version of Internet Explorer 11 for Windows 8 and RT on October 17 alongside Windows 8.1.