Microsoft: We're not Paying for Bug Bounties

Status
Not open for further replies.

azconnie

Distinguished
Sep 26, 2009
199
0
18,690
So the KIN can take 240Mil from XBOX, but MS can't spend a cen't on improving security? I would say more... but this would become a 3 page rant.
 

SirGCal

Distinguished
Apr 2, 2010
310
0
18,780
Heh, if MS had to pay for each bug reported, they'd probably go bankrupt...

But serious, all kidding aside, they are just stingy.. I mean look at their history. That's entirely what they have always been (among other things)... It won't change. They think they're above everything else and just do their own thing... I agree with connie; if I started, this rant would go on and on and...
 

lespy

Distinguished
Apr 22, 2010
24
0
18,520
Microsoft probably has a whole team of fully staffed security experts, why would it want to pay more for what there already doing. as for being cheap, personally i would much rather be taught to fish rather then being given one.
 

jhansonxi

Distinguished
May 11, 2007
1,262
0
19,280
[citation][nom]lespy[/nom]Microsoft probably has a whole team of fully staffed security experts, why would it want to pay more for what there already doing. as for being cheap[/citation]

Obviously the history of security problems shows that they are not enough. Real-world security requires real-world exposure outside of the lab where fools are in abundance and have direct access to the system the software is on.
 

buddhav1

Distinguished
Jul 29, 2009
72
0
18,630
debugging a web browser is a lot less expensive for Google or Mozilla than debugging an OS from Microsoft. of course they're not paying 3 grand a pop, it'd cost them billions.
 

antilycus

Distinguished
Jun 1, 2006
933
0
18,990
ADOBE needs to burn FLASH. It has succesfully frozen 4 out of 4 computers with NO FIX ANYWHERE IN SITE. I've tried beta's, new display drivers, new versions, old versions, etc. FLASH is crap. Every single flash ad and flash video flashes both of my screens. and stops playing video. If you close the browser you get an instant lock up(mouse freeze and everything) requiring a hard boot. I've been tyring ot resolve this issue for 5 weeks now. Since 10.0.42 was updated. Too bad going back to the older version didn't resolve the problem either.

IF I were MS I wouldnt pay either. but ADOBE needs to because they are on the verge of losing every Flash customer on the planet.
 

pojih

Distinguished
May 21, 2009
158
0
18,680
I can see why it would be nice for Microsoft to pay - but you guys all calling Microsoft 'cheap' seem to misunderstand how businesses work.

 

croc

Distinguished
BANNED
Sep 14, 2005
3,038
1
20,810
Hmm... If I were MS, I wouldn't pay either. Their own security team, coupled with some of the major outside security firms that do their own testing for flaws serve them well enough methinks. Sans, CERT, Secunia and others do quite a bit of bug testing, and most will advise MS if a flaw is found.

Keep in mind that developing a patch, and doing the required testing prior to release may take a month for a simple patch, or two months for a complex patch.
 

f-14

Distinguished
Microsoft's Jerry Bryant said in an email.... the company doesn't provide a monetary reward on a per-bug basis, Microsoft does recognize honor and talent--traits that could land you a job at Microsoft...Many of these vendors and individuals first came to our attention based on the high-quality and unique approaches demonstrated by the vulnerabilities they reported.
yes offering them full time employment to shut them up.... if only these poor fools would prove the folly to microsoft for not taking them up on their offer, these guys could just as easily auction off the security flaw to internet theives on ebay for alot more if it really compromises security in such a bad way to allow them to exploit something worth their time and money to attack systems every where.

best way to beat a criminal is to think like a criminal, getting your bank account and pin # is not likely or probable, how ever obtaining routing information and personably identifying information is. black mailing the victim with a threat to revealing that information to others works just as easily if some poor fool is getting an affair on at ashleymadison.com and doesn't want his wife to find out and divorce him along with 1/2 of what ever they own! i'm sure there's lots of better ways to exploit thing, this was just a fast easy way to set and example.
 

shades_aus

Distinguished
Mar 26, 2009
26
0
18,530
Oh well, then maybe a few of these "experts" Microsoft claims it has snatched up can earn a quick buck on the side helping make Mozilla even better than micro$ garbage.
 

descendency

Distinguished
Jul 20, 2008
582
0
18,990
[citation][nom]sliem[/nom]Because it would cost them millions due to overwhelming bugs found .No, I like Windows 7, I'm just saying nobody's perfect.[/citation]
The vast majority of security flaws in Windows 7 come from 3rd party programs (mainly those made by garbage companies like Adobe)
 

Marco925

Distinguished
Aug 11, 2008
967
0
18,990
[citation][nom]azconnie[/nom]So the KIN can take 240Mil from XBOX, but MS can't spend a cen't on improving security? I would say more... but this would become a 3 page rant.[/citation]
They spend plenty of cents on improving security, that's what the security team at microsoft is for. they pay their internal people to do their job. start paying random people off the street and then these people with legitimate taxpaying jobs will be laid off.
 

rocky1234

Distinguished
Sep 9, 2008
130
0
18,680
Why should MS pay for someone outside the company to find bugs that is why they employ people to do that. If google & firecrotch want to pay then let them & in a year we will see who is about to go out of business because they spent to much money this way. Ok so saying google would go out of business is a bit much but firecrotch sure the heck can not do it for very long & yes there are many many bugs in firefox to fix. Yes I use firefox myself but it crashes just like any other software.
 
Status
Not open for further replies.