By Ryan Naraine
July 23, 2010
Mozilla and Google may be increasing the bounties to security
researchers who find security holes in their software products, but don't
expect Microsoft to join the pay-for-flaws party.
According to Threatpost's Dennis Fisher, a Microsoft security official
dismissed any suggestion that the company would start buying rights to
security flaws, arguing that its current system of crediting hackers in
security bulletins is working very well.
Here's what Microsoft's Jerry Bryant told Fisher:
"We value the researcher ecosystem, and show that in a variety of
ways, but we don't think paying a per-vuln bounty is the best way.
Especially when across the researcher community the motivations
aren't always financial. It is well-known that we acknowledge
researcher's contributions in our bulletins when a researcher has
coordinated the release of vulnerability details with the release of
a security update."