News
News
2/21/2006
03:14 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Slams Security Firm's Bounty For Windows Flaws

Microsoft blasts a security company's recent offer of $10,000 to anyone who discovers a Windows flaw that leads to a critical fix.

Microsoft Corp. on Tuesday criticized a security company's recent offer of $10,000 to someone who discovers a Windows flaw that leads to a critical fix, saying the program is not the best way to protect customers.

IDefense started offering the bounty last week as an addition to its controversial Vulnerability Contributor Program, launched in 2005.

“Microsoft works closely with many security research and security software companies and does not believe that offering compensation for vulnerability information is the best way they can help protect their customers," the company said in an email. "Microsoft believes that responsible disclosure, which involves making sure that an update is available from software vendors the same day the vulnerability is first broadly known, is the best way to protect the end user.”

IDefense executives say the reason for the program is to get researchers to focus on security issues that are a priority to the company's clients. To qualify for the latest offer, which expires March 31, a researcher would have to report a vulnerability that Microsoft eventually classifies as a "critical" fix.

Experts have criticized such bounties as creating a market for vulnerabilities and blurring the lines between hackers looking to write viruses that exploit Windows, and legitimate researchers looking to protect users.

IDefense is not alone in paying for the discovery Windows flaws. TippingPoint, a unit of 3Com, offers a similar program.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A look at the top stories from InformationWeek.com for the week of September 7, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.