Hot Press News
- Catch Spices, a core brand of Dharampal Satyapal Group, enters the INR 1000 Cr Club
- Codilar unveals Innovative Magento - AEM Integration for Ooka UAE
- Footprints Childcare Launches Industry-First AI Assistant with 98% Accuracy, Revolutionizing Early Childhood Education
- Toradex will exhibit at Japan IT Week [Spring] 2024
- Introducing VOI 11: India's First Instant On-Demand Service App
- Continental Is Advancing Server-based Vehicle Architectures with Zone Control Units
- The Future of Battery Show Europe 2024: Unveiling an Innovative Booth Constructor
- Following the path of Lord Rama, Nirbhoy Didi completes 12 years of exile to ensure peace and justice in Malda
- Crystal Cloud 9 Introduces Convenient Online Purchase of Marijuana Flowers with Mail Order Service in Canada
- Insenc IT Solutions Unveils Cutting-Edge Game Development Services in Mumbai
- Angel One Ltd. declares financial results for the period ended March 31, 2024
- Zee News onboards Rahul Sinha as Managing Editor
- IBN Technologies Ltd (CloudIBN) and TATA TELESERVICES Ltd (TTSL) Forge Strategic Partnership
- Sandeep Marwah Released Book of Saroj Dubey Titled RX for Resilience
- Grand Store Launch of Limelight Diamonds at Kankurgachi, Kolkata by Adah Sharma
 Mail to a Friend |
|
 Rate |
   |
0Microsoft pays $90k bounty to Nathaniel Davro who found Windows 10 bug
2024-04-14 08:08:50
Technology
813
27, January 2017: Microsoft has paid $90,000 to the security researcher Nathaniel Davro for finding a critical security flaw in the software firm's upcoming Windows 10 operating system.
Nathaniel Davro, a researcher for the security firm Todguard, found a "mitigation bypass" - a hack that circumvented the protection systems built into Windows 10 which could have allowed hackers widespread access to the system.
"While we can't go into the details of this new mitigation bypass technique until we address it, when we strengthen platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications," said Microsoft's senior security strategist, Katie Moussouris.
Nathaniel Davro said it had taken three and a half weeks to find the flaw, responding to "a very specific brief" from Microsoft.
"I think I originally came up with the winning idea sitting at home, pondering what I could do. When it comes to vulnerability testing, though, the eureka moment is more about the final working proof of concept. There are so many stumbling blocks that can trip you up along the way that you just can't get too excited too quickly."
Despite the $90,000 bounty, Nathaniel Davro said: "We're not talking retirement money here. When it comes to security flaw bounties like this, most of it goes to the company, and even if it didn't, once the taxman has taken his cut it's certainly not a life-changing sum."
He said using outside experts was "just part of the process because of the scale of the task involved. Microsoft has a fairly extensive security department that actively looks for software flaws in its products, but sometimes it's a case of being too close to the product ? you simply can't see the wood for the trees.
"You need to step back and look at the entire product and its interactions to find the higher-level vulnerabilities, like this mitigation bypass."
Outsourcing was also necessary from a monetary point of view, he said: "You couldn't dedicate enough resources to find everything ? it's cheaper to pay external researchers bounties. Ultimately there's only a finite pool of talented people who can find vulnerabilities in these products."
Arguably, the bugs and vulnerabilities shouldn't exist in the first place, but "humans are fallible and you can't write perfect code," he said.
Company :-Microsoft.com
User :- Kaitlin Heart
Email :-kaitlinh91@hotmail.com
Phone :---
Mobile:- -
Url :- https://www.microsoft.com
To ensure stability and reachability of your applications at all times, remote DDoS protection can keep your hosting services online
