"The MSRC (Microsoft Security Response Team) posted a message on the sla.ckers.org message board, calling on third-party researchers to submit vulnerability information directly to Redmond before going public.
Immediately after Microsoft's Sla.ckers.org post, "digi7al64" replied with this:
[I] propose MS implement a reward system where you agree to pay cash for vulnerabilities found within your domains. The benefit of this I suggest would be a flood of vulnerabilities reported the first few months which would taper off to only 1 or 2 intermittently as new systems come online.
The cost of this type of project would be relatively low and if you placed a sliding scale on amount paid (based on the vun) I'm sure you could get away with it for less than 20-50k all told… which in the big scheme of things is a drop in the ocean for MS."
Click on the link below for the full article:
http://blogs.zdnet.com/security/?p=126