[Info-vax] Microsoft launches a new Windows bug bounty program
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Sun Jul 30 15:55:27 EDT 2017
On 2017-07-28, Arne Vajhøj <arne at vajhoej.dk> wrote:
> On 7/28/2017 12:17 PM, John Reagan wrote:
>>
>> Bug rewards often don't work. Go ask Apple how theirs worked out.
>> They offered a measly $200K (or something) for an iOS exploit. They
>> got zero responses. They are worth over $1Million on the dark web.
>
> I don't think bounties should compete with the dark web price-wise.
>
> Bounties are not an attempt to buy all zero day vulnerabilities for
> one's platform but a way to appreciate the work done by the white
> hats finding these bugs before the black hats.
>
And besides, bounties are the second thing for a company to consider.
The first thing is a secure security bug reporting mechanism.
The first is optional for an OS company; the second is not.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world