Microsoft still bucks bug bounty trend
The richest and biggest software company in the world still won’t pay researchers for disclosing vulnerabilities despite a growing number of its peers opting to do so.
Microsoft thinks bug bounties are superfluous: its Microsoft Security Response Centre (MSRC) team were constantly inundated with free vulnerability reports from researchers looking for fame, not fortune.
Up to 80 percent of Microsoft vulnerabilities were privately and freely reported. Researchers had a variety of motivations behind reporting bugs and money was not necessarily chief among them, Microsoft security boss Mike Reavey said. “I don’t think that filing and rewarding point issues is a long-term strategy to protect customers," he said.
- Thu, 2013-02-07 06:19
- Fri, 2012-07-06 00:51
- Fri, 2012-06-29 03:36