Microsoft Slams Security Firm’s Bounty For Windows Flaws

Microsoft Corp. on Tuesday criticized a security company’s recent offer of $10,000 to someone who discovers a Windows flaw that leads to a critical fix, saying the program is not the best way to protect customers.


IDefense started offering the bounty last week as an addition to its controversial Vulnerability Contributor Program, launched in 2005.


“Microsoft works closely with many security research and security software companies and does not believe that offering compensation for vulnerability information is the best way they can help protect their customers,” the company said in an email. “Microsoft believes that responsible disclosure, which involves making sure that an update is available from software vendors the same day the vulnerability is first broadly known, is the best way to protect the end user.”


InformationWeek

Leave a Reply