[Info-vax] Microsoft launches a new Windows bug bounty program
Arne Vajhøj
arne at vajhoej.dk
Fri Jul 28 16:13:11 EDT 2017
On 7/28/2017 12:17 PM, John Reagan wrote:
> On Wednesday, July 26, 2017 at 5:32:20 PM UTC-4, Simon Clubley
> wrote:
>> Microsoft has launched a new Windows bug bounty program.
>> Discussion on Slashdot at:
>>
>> https://news.slashdot.org/story/17/07/26/1839258/microsoft-launches-windows-bug-bounty-program-with-rewards-ranging-from-500-to-250000
>>
>> which references:
>>
>> https://venturebeat.com/2017/07/26/microsoft-launches-windows-bug-bounty-program-with-rewards-ranging-from-500-to-250000/
>>
>> As for me I would be happy to simply see VSI put on its website the
>> formal security reporting mechanism which Clair arranged to be
>> created last year after the discussions here.
>>
>> You never know if the next VMS bug might be something which
>> requires a more formal and secure reporting mechanism.
>
> Bug rewards often don't work. Go ask Apple how theirs worked out.
> They offered a measly $200K (or something) for an iOS exploit. They
> got zero responses. They are worth over $1Million on the dark web.
I don't think bounties should compete with the dark web price-wise.
Bounties are not an attempt to buy all zero day vulnerabilities for
one's platform but a way to appreciate the work done by the white
hats finding these bugs before the black hats.
Arne