[ISN] Microsoft: No plans to pay for security vulnerabilities

InfoSec News alerts at infosecnews.org
Mon Jul 26 00:43:13 CDT 2010


http://www.zdnet.com/blog/security/microsoft-no-plans-to-pay-for-security-vulnerabilities/6935

By Ryan Naraine
Zero Day
ZDNet
July 23, 2010

Mozilla and Google may be increasing the bounties to security 
researchers who find security holes in their software products, but 
don't expect Microsoft to join the pay-for-flaws party.

According to Threatpost's Dennis Fisher, a Microsoft security official 
dismissed any suggestion that the company would start buying rights to 
security flaws, arguing that its current system of crediting hackers in 
security bulletins is working very well.

Here's what Microsoft's Jerry Bryant told Fisher:

    "We value the researcher ecosystem, and show that in a variety of 
    ways, but we don't think paying a per-vuln bounty is the best way. 
    Especially when across the researcher community the motivations 
    aren't always financial. It is well-known that we acknowledge 
    researcher's contributions in our bulletins when a researcher has 
    coordinated the release of vulnerability details with the release of 
    a security update."

[...]



