Should Microsoft start paying for vulnerabilities?
Hackers are starting to agitate for Microsoft to start paying for information on security flaws found in its software products.
The issue surfaced this week after the MSRC (Microsoft Security Response Team) posted a message on the sla.ckers.org message board, calling on third-party researchers to submit vulnerability information directly to Redmond before going public. The invitation ? which extended to bugs found in all of Microsoft online web properties such as *.microsoft.com, *.msn.com and *.live.com ? is part of Microsoft's insistence on the concept of "responsible disclosure," where researchers give advance notice to affected vendors but, for the first time, the response from hackers suggest it's time for Microsoft to offering cash rewards for flaw information.