Microsoft Says No To Paying Bug Bounties

Trailrunner7 writes "In the wake of both Mozilla and Google significantly increasing their bug bounties to the $3,000 range, there have been persistent rumors in the security community that Microsoft soon would follow suit and start paying bounties as well. However, a company official said on Thursday that Microsoft was not interested in paying bounties. 'We value the researcher ecosystem, and show that in a variety of ways, but we don't think paying a per-vuln bounty is the best way. Especially when across the researcher community the motivations aren't always financial. It is well-known that we acknowledge researcher's contributions in our bulletins when a researcher has coordinated the release of vulnerability details with the release of a security update,' Microsoft's Jerry Bryant said."

Or it could be because they would be bankrupt ...

[MeNotU]

Or it could be because they would be bankrupt within the week.

Translation:

[rah1420]

"we don't think paying a per-vuln bounty is the best way."

-- er

"We can't afford the hit to our bottom line if we were to start paying people to find the bugs in our software."

ROI

[theskipper]

"We don't care, we don't have to...we're the operating system company."

Committed to their current strategy

[ICLKennyG]

About 15 years ago they made a long term investment to running their image into the ground so people would hate them so much that they would be willing to find the bugs for free. It's been working well for a long time, and at this point they have already written the check, why switch.

Microsoft sucks! I'll prove it, look at this random arbitrary glitch in the way they handle SMTP requests.

Thank you very much, fixed. Next!

Crazy like a fox (news anchor).

Re:Or it could be because they would be bankrupt .

[Anonymous Coward]

Microsoft: As good at security as Linux users are at doing sex with girls

Re:Or it could be because they would be bankrupt .

[Anonymous Coward]

as well witnessed by the linux user who refers to it as "doing sex"

Re:Or it could be because they would be bankrupt .

[Anonymous Coward]

Oh, we don't think it was immaculate...

It was all well and good until...

[bsDaemon]

... they were reminded that the user is the biggest security threat to any system. Upon considering their market share they realized how potentially disastrous this would be once anyone with a phone book figured it out.

Of course MS can't afford it...

[Anonymous Coward]

...they've spent all their surplus cash paying people who forward Bill Gate's email message to 25 other people.

Re:Or it could be because they would be bankrupt .

[bigsteve@dstc]

Well good for you! Now if we could just stop Windows users breeding ... ;-)

Re:not surprising

[mcgrew]

Finally! Someone used the word "loose" properly. Even if the meaning of the sentence is different than what you intended (I have no way of knowing), it's true nevertheless. They would have indeed loosed big money.

Re:Or it could be because they would be bankrupt .

[somersault]

Well, my brother is gay. He's a geek, but definitely not into fitness. I have no idea about his attitudes in the bedroom however and I'd rather not find out :p