Bugs for dollars
The initiative, started some time ago, that pays security researchers for their work is gathering yet more steam. This time some people were offered significantly more than the paltry several thousand. It always struck me as exceedingly cheap that an exploit would be bought for only a few thousand dollars. More often than not, a lot of billable hours go into researching and developing an exploit. Were Microsoft serious about security, they would start buying exploits as well. Then again, doing so might very well bankrupt them. Seriously though, Microsoft should start to consider paying for such exploits, or hire better talent for their QA.

veridicus Says:
January 23rd, 2007 at 3:52 pm
Microsoft has such a horrible security history you’d think they’d dedicate more of their 50,000 employees to find and fix bugs. But many of their exploits have been due (directly or indirectly) to very poor design. Most of their major exploits would never have been so severe if they designed Windows with proper security layers. This may improve in Vista, but it appears it’s so annoying that many people will simply run as admin anyway.