Microsoft pays $100,000 bounty for security bug

Microsoft says it's awarding a $100,000 bounty to a cyber-security expert in Britain who discovered security holes in the company's software.

It's the first time Microsoft has paid that much for identifying what it called an "exploitation technique" that could leave its software vulnerable to hackers.

The company issued a statement congratulating James Forshaw, the head of vulnerability research at Context Information Security, for finding the problem and earning the bounty. Microsoft says its engineers are working on a fix. The company refused to reveal any more details about the security gap until it's corrected.

This is not the first time Forshaw has cashed in for finding computer bugs. He was awarded $9,400 for identifying security problems in a preview version of Microsoft's Internet Explorer 11, and earned another bounty for finding a flaw in Oracle's Java software.

Microsoft launched its bounty program in June to encourage users and security experts worldwide to report any flaws they discovered in its software. So far, the company says it has paid out more than $128,000.


Watch CBSN Live

Watch CBS News anytime, anywhere with the new 24/7 digital news network. Stream CBSN live or on demand for FREE on your TV, computer, tablet, or smartphone.

Watch Now

New Android App

For your Android phone and tablet, download the FREE redesigned app, featuring CBSN, live 24/7 news.

The all new
CBS News App for Android® for iPad® for iPhone®
Fully redesigned. Featuring CBSN, 24/7 live news. Get the App