AOH :: ISNQ6553.HTM

Microsoft: No plans to pay for security vulnerabilities




Microsoft: No plans to pay for security vulnerabilities
Microsoft: No plans to pay for security vulnerabilities



http://www.zdnet.com/blog/security/microsoft-no-plans-to-pay-for-security-vulnerabilities/6935 

By Ryan Naraine
Zero Day
ZDNet
July 23, 2010

Mozilla and Google may be increasing the bounties to security 
researchers who find security holes in their software products but don't 
expect Microsoft to join the pay-for-flaws party.

According to Threatpost's Dennis Fisher, a Microsoft security official 
dismissed any suggestion that the company would start buying rights to 
security flaws, arguing that its current system of crediting hackers in 
security bulletins is working very well.

Here's what Microsoft's Jerry Bryant told Fisher:

    "We value the researcher ecosystem, and show that in a variety of 
    ways, but we don't think paying a per-vuln bounty is the best way. 
    Especially when across the researcher community the motivations 
    aren't always financial. It is well-known that we acknowledge 
    researcher's contributions in our bulletins when a researcher has 
    coordinated the release of vulnerability details with the release of 
    a security update."

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods