Slashdot Mirror


Microsoft Says No To Paying Bug Bounties

Trailrunner7 writes "In the wake of both Mozilla and Google significantly increasing their bug bounties to the $3,000 range, there have been persistent rumors in the security community that Microsoft soon would follow suit and start paying bounties as well. However, a company official said on Thursday that Microsoft was not interested in paying bounties. 'We value the researcher ecosystem, and show that in a variety of ways, but we don't think paying a per-vuln bounty is the best way. Especially when across the researcher community the motivations aren't always financial. It is well-known that we acknowledge researcher's contributions in our bulletins when a researcher has coordinated the release of vulnerability details with the release of a security update,' Microsoft's Jerry Bryant said."

12 of 148 comments

  1. Or it could be because they would be bankrupt ... by MeNotU · Score: 5, Funny

    Or it could be because they would be bankrupt within the week.

  2. Translation: by rah1420 · Score: 4, Funny

    "we don't think paying a per-vuln bounty is the best way."

    -- er

    "We can't afford the hit to our bottom line if we were to start paying people to find the bugs in our software."

    --
    Against stupidity the gods themselves contend in vain.
  3. ROI by theskipper · Score: 4, Funny

    "We don't care, we don't have to...we're the operating system company."

  4. Committed to their current strategy by ICLKennyG · Score: 2, Funny

    About 15 years ago they made a long-term investment in running their image into the ground so people would hate them so much that they would be willing to find the bugs for free. It's been working well for a long time, and at this point they have already written the check, why switch?

    Microsoft sucks! I'll prove it, look at this random arbitrary glitch in the way they handle SMTP requests.

    Thank you very much, fixed. Next!

    Crazy like a fox (news anchor).

  5. Re:Or it could be because they would be bankrupt . by Anonymous Coward · Score: 3, Funny

    Microsoft: As good at security as Linux users are at doing sex with girls

  6. Re:Or it could be because they would be bankrupt . by Anonymous Coward · Score: 5, Funny

    as well witnessed by the linux user who refers to it as "doing sex"

  7. Re:Or it could be because they would be bankrupt . by Anonymous Coward · Score: 3, Funny

    Oh, we don't think it was immaculate...

  8. It was all well and good until... by bsDaemon · Score: 4, Funny

    ... they were reminded that the user is the biggest security threat to any system. Upon considering their market share they realized how potentially disastrous this would be once anyone with a phone book figured it out.

  9. Of course MS can't afford it... by Anonymous Coward · Score: 1, Funny

    ...they've spent all their surplus cash paying people who forward Bill Gates's email message to 25 other people.

  10. Re:Or it could be because they would be bankrupt . by bigsteve@dstc · Score: 1, Funny

    Well good for you! Now if we could just stop Windows users breeding ... ;-)

  11. Re:not surprising by mcgrew · Score: 3, Funny

    Finally! Someone used the word "loose" properly. Even if the meaning of the sentence is different than what you intended (I have no way of knowing), it's true nevertheless. They would have indeed loosed big money.

  12. Re:Or it could be because they would be bankrupt . by somersault · Score: 2, Funny

    Well, my brother is gay. He's a geek, but definitely not into fitness. I have no idea about his attitudes in the bedroom however and I'd rather not find out :p

    --
    which is totally what she said