Writing software is hard, but testing software and finding bugs can be harder. That's why companies like Google and Mozilla pay upwards of a $3,000 bounty to anyone who reports a serious security bug in their browsers. Don't expect anything more than an attaboy if you find a hole in Internet Explorer, though.
Writing software is hard, but testing software and finding bugs can be harder. That's why companies like Google and Mozilla pay upwards of a $3,000 bounty to anyone who reports a serious security bug in their browsers. Don't expect anything more than an attaboy if you find a hole in Internet Explorer, though.According to ThreatPost.com, Microsoft will not pay bug bounties to the people who find security bugs. They will, however, offer credit to them by naming them in the security bulletin when the bug fix is posted. Considering how long it can take to find security issues, some sort of monetary thank-you doesn't seem out of line. Remember that if the good guys don't find these security holes, the bad guys will. If paying a bug bounty seems expensive, consider the cost to Microsoft's reputation if these holes are exploited.
I'm not sure what Microsoft's beef is about paying someone for finding a critical bug. Are they worried that their software has so many bugs that it will bankrupt them? On the contrary, one benefit of paying a bug bounty is that it's possible to put at least one well-defined cost on a bug. That provides a stronger incentive for finding and eliminating bugs during the development process. It also brings outside expertise to bear in a way that can't be duplicated by in-house development staff.
Now if you are just dead-set on being paid for finding a bug in a Microsoft product, there is one possibility that the company holds out for you. Microsoft's Jerry Bryant says, "While we do not provide a monetary reward on a per-bug basis, like any other industry, we do recognize and honor talent. We've had several influential folks from the researcher community join our security teams as Microsoft employees." So perhaps the free work that you give to Microsoft is just your ticket to a job in Redmond. Then again, perhaps not.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.