Microsoft Invites Black Hats into Vista

gtzpower writes "Microsoft is inviting hackers to 'Take Your Best Shot' at Vista. 'You need to touch it, feel it,' Andrew Cushman, Microsoft's director of security outreach, said during a talk at the Black Hat computer-security conference. 'We're here to show our work.'" From the article: "A security team with oversight of every Microsoft product — from its Xbox video game console to its Word program for creating documents — has broad authority to block shipments until they pass security tests. The company also hosts two internal conferences a year so some of the world's top security experts can share the latest research on computer attacks." Essentially a tie-in with an article we discussed yesterday.

Re:Trap?

[just_another_sean]

You may be right. In a pschological sense they succeeded with at least one person, at least if you take his statement at face value. From yesterday's article:

Mr. Moore, 24 years old, who lives in Austin, Texas. But he says the meetings put a human face on a company he once saw as impenetrable. "You're less willing to publicly humiliate someone you know in real life," he says.'"

Re:Microsoft invites what now?

[mrxak]

Probably a good idea to do $1,000 pet exploit found first, plus a free copy of Vista when it's done for everyone reporting at least 20 (let's be honest, it probably won't be that hard to find 20), and some other rewards for most found. Microsoft could afford to pay these guys and get some actual results out of it. The alternative really is to let all the black hats find out the exploits months in advance, report nothing, and then on release day things go absolutely nuts.