Microsoft Slams Security Firm's Bounty For Windows Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

Microsoft Slams Security Firm's Bounty For Windows Flaws

Microsoft blasts a security company's recent offer of $10,000 to anyone who discovers a Windows flaw that leads to a critical fix.

Microsoft Corp. on Tuesday criticized a security company's recent offer of $10,000 to someone who discovers a Windows flaw that leads to a critical fix, saying the program is not the best way to protect customers.

IDefense started offering the bounty last week as an addition to its controversial Vulnerability Contributor Program, launched in 2005.

“Microsoft works closely with many security research and security software companies and does not believe that offering compensation for vulnerability information is the best way they can help protect their customers," the company said in an email. "Microsoft believes that responsible disclosure, which involves making sure that an update is available from software vendors the same day the vulnerability is first broadly known, is the best way to protect the end user.”

IDefense executives say the reason for the program is to get researchers to focus on security issues that are a priority to the company's clients. To qualify for the latest offer, which expires March 31, a researcher would have to report a vulnerability that Microsoft eventually classifies as a "critical" fix.

Experts have criticized such bounties as creating a market for vulnerabilities and blurring the lines between hackers looking to write viruses that exploit Windows, and legitimate researchers looking to protect users.

IDefense is not alone in paying for the discovery Windows flaws. TippingPoint, a unit of 3Com, offers a similar program.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll