Slashdot Mirror


Microsoft Says No To Paying Bug Bounties

Trailrunner7 writes "In the wake of both Mozilla and Google significantly increasing their bug bounties to the $3,000 range, there have been persistent rumors in the security community that Microsoft soon would follow suit and start paying bounties as well. However, a company official said on Thursday that Microsoft was not interested in paying bounties. 'We value the researcher ecosystem, and show that in a variety of ways, but we don't think paying a per-vuln bounty is the best way. Especially when across the researcher community the motivations aren't always financial. It is well-known that we acknowledge researcher's contributions in our bulletins when a researcher has coordinated the release of vulnerability details with the release of a security update,' Microsoft's Jerry Bryant said."

4 of 148 comments

  1. Not enough money in the world by TeamMCS · Score: 0, Troll

    Sadly, no matter how rich Microsoft are, they simply can't afford to write *that* many cheques.

  2. Re:Or it could be because they would be bankrupt . by segin · Score: 0, Troll

    Except I'm a Linux user and my girlfriend is pregnant.

    P.S. I'm an Atheist and I'm not buying that immaculate conception bullshit you're selling.

  3. Re:Translation: by Rogerborg · Score: 0, Troll

    Aw, that's so cute. One day, when you're a big boy and work on real products, with real, steady, repeat customers, we'll talk.

    --
    If you were blocking sigs, you wouldn't have to read this.

  4. Re:Or it could be because they would be bankrupt . by drsmithy · Score: 1, Troll

    It's because to Microsoft, an undiscovered bug is a nonexistent bug. Their "security" model has always been "security through obscurity". Their philosophy is "why fix a bug if you don't have to?"

    Yet they proactively fix bugs and distribute those fixes at no cost. Strange.