A boy who started hunting computer bugs aged 13 has been dubbed Microsoft's youngest security researcher. 'Dylan' is the reason the company lowered its minimum age for officially reporting security vulnerabilities.

Everything we know about the boy comes from a Microsoft report, which notes he is currently in his junior year at high school. Because of his age, it appears reporters don't consider it appropriate to try to independently verify any of the details. (Source: microsoft.com)

According to Microsoft, Dylan was a tech enthusiast for a young age, but became more interested in security during the COVID-19 pandemic when his school switched off a setting that allowed students to create their own Teams meetings. He found a way to work around this by using Outlook in an unconventional manner.

Responsible Disclosure

This led to him spending many months trying to learn more about the inner working of Teams and discovered a bug that could let somebody take control of an existing Teams group. Microsoft says the way he handled this discovery was "his entry into the world of responsible disclosure."

As a result of his ongoing bug discoveries, Microsoft changed the minimum age for formally collaborating with the Microsoft Security Response Center.

He's now a prolific bug hunter, having discovered and reported 20 security vulnerabilities over the course of last summer. He's also twice been on an annual list of the 100 "most valuable security researchers," where the rankings are a combination of the number and importance of bugs reported.

Communication Praised

Earlier this year he placed third in Zero Day Quest, an in-person event at Microsoft's headquarters where contestants are challenged to act as ethical hackers and try to breach Microsoft products.

According to Microsoft, it's not just Dylan's technical skills that impress, but that "He's known for respectfully pushing back when he disagrees with MSRC's initial assessments-always aiming to understand their perspective and articulate his own clearly."

Although he is said to be open to a career in cybersecurity, he's also considering options in science and civics. (Source: tomshardware.com)

What's Your Opinion?

Are you surprised by this story? Should tech companies worry about age when receiving security reports? Do teenagers have an advantage when it comes to cybersecurity skills?