List: isn
Subject: [ISN] Microsoft: No plans to pay for security vulnerabilities
From: InfoSec News <alerts () infosecnews ! org>
Date: 2010-07-26 5:43:13
Message-ID: Pine.LNX.4.61.1007260043040.4789 () conundrum ! infosecnews ! org

http://www.zdnet.com/blog/security/microsoft-no-plans-to-pay-for-security-vulnerabilities/6935

By Ryan Naraine
Zero Day
ZDNet
July 23, 2010

Mozilla and Google may be increasing the bounties to security
researchers who find security holes in their software products but don't
expect Microsoft to join the pay-for-flaws party.

According to Threatpost's Dennis Fisher, a Microsoft security official
dismissed any suggestion that the company would start buying rights to
security flaws, arguing that its current system of crediting hackers in
security bulletins is working very well.

Here's what Microsoft's Jerry Bryant told Fisher:

    "We value the researcher ecosystem, and show that in a variety of
    ways, but we don't think paying a per-vuln bounty is the best way.
    Especially when across the researcher community the motivations
    aren't always financial. It is well-known that we acknowledge
    researcher's contributions in our bulletins when a researcher has
    coordinated the release of vulnerability details with the release of
    a security update."

[...]