
Re: Microsoft fumes about security bounty

__/ [ Roy Culley ] on Tuesday 21 February 2006 23:55 \__

> http://theinquirer.net/?article=29787
> 
>     MICROSOFT is fuming over a move by security outfit iDefense to
>     offer hackers a $10,000 bounty for finding serious flaws in its
>     software.
> 
>     ...
> 
>     A spokesVole told EWeek that paying for flaws is not the best way
>     to secure software products. Microsoft thinks that the best way
>     forward is what it calls “responsible disclosure” where
>     the person who finds the flaw tells Microsoft, who eventually
>     releases a patch and then announces the glitch has been found.
> 
>     ....
> 
>     However it claims its bounty system was a good way to get a list
>     of bugs in the software. Last year iDefense found three 'critical'
>     vulnerabilities and reported them to Microsoft,
> 
>     A spokesman for iDefense said that it was ironic that Vole offered
>     $250,000 to capture a virus writer, but didn't want to pay for
>     information that would stop the propagation of the virus.
> 
> See, it is possible to make money from MS SW. Sadly, that's just for
> the few. Those who have to use Windows lose money hand over foot just
> to keep the bug ridden 'OS' running.

This bounty hunt was announced about a week ago (I think I posted a link
to COLA). I don't see how this badly affects Microsoft. If anything, they
should be grateful. They are getting free bug tracking; and reports too.
In WordPress, for instance, a 'bounty hunt' was announced as part of our
attempt to squash as many bugs as possible. Several dozen were discovered
and then mended. So what is Microsoft whining about? Make good products
and show that bounty hunts are pointless, even when the code is
closed-source. The Linux kernel is metaphorically naked, it is out there
and yet no-one is able to break it to pieces. Many eyes are watching and
it works to one's advantage.
