Mobile // Mobile Applications
Commentary
7/23/2010
09:55 PM
Dave Methvin
Dave Methvin
Commentary
50%
50%

Microsoft Wants Free Testers

Writing software is hard, but testing software and finding bugs can be harder. That's why companies like Google and Mozilla pay upwards of a $3,000 bounty to anyone who reports a serious security bug in their browsers. Don't expect anything more than an attaboy if you find a hole in Internet Explorer, though.

Writing software is hard, but testing software and finding bugs can be harder. That's why companies like Google and Mozilla pay upwards of a $3,000 bounty to anyone who reports a serious security bug in their browsers. Don't expect anything more than an attaboy if you find a hole in Internet Explorer, though.According to ThreatPost.com, Microsoft will not pay bug bounties to the people who find security bugs. They will, however, offer credit to them by naming them in the security bulletin when the bug fix is posted. Considering how long it can take to find security issues, some sort of monetary thank-you doesn't seem out of line. Remember that if the good guys don't find these security holes, the bad guys will. If paying a bug bounty seems expensive, consider the cost to Microsoft's reputation if these holes are exploited.

I'm not sure what Microsoft's beef is about paying someone for finding a critical bug. Are they worried that their software has so many bugs that it will bankrupt them? On the contrary, one benefit of paying a bug bounty is that it's possible to put at least one well-defined cost on a bug. That provides a stronger incentive for finding and eliminating bugs during the development process. It also brings outside expertise to bear in a way that can't be duplicated by in-house development staff.

Now if you are just dead-set on being paid for finding a bug in a Microsoft product, there is one possibility that the company holds out for you. Microsoft's Jerry Bryant says, "While we do not provide a monetary reward on a per-bug basis, like any other industry, we do recognize and honor talent. We've had several influential folks from the researcher community join our security teams as Microsoft employees." So perhaps the free work that you give to Microsoft is just your ticket to a job in Redmond. Then again, perhaps not.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.