http://www.zdnet.com/blog/security/microsoft-no-plans-to-pay-for-security-vulnerabilities/6935

By Ryan Naraine
Zero Day
ZDNet
July 23, 2010

Mozilla and Google may be increasing the bounties to security researchers who find security holes in their software products but don't expect Microsoft to join the pay-for-flaws party.

According to Threatpost's Dennis Fisher, a Microsoft security official dismissed any suggestion that the company would start buying rights to security flaws, arguing that its current system of crediting hackers in security bulletins is working very well.

Here's what Microsoft's Jerry Bryant told Fisher:

"We value the researcher ecosystem, and show that in a variety of ways, but we don't think paying a per-vuln bounty is the best way. Especially when across the researcher community the motivations aren't always financial. It is well-known that we acknowledge researcher's contributions in our bulletins when a researcher has coordinated the release of vulnerability details with the release of a security update."

[...]

Received on Sun Jul 25 2010 - 22:43:13 PDT