topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 9:01 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Bug Bounty From MS  (Read 4820 times)

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Bug Bounty From MS
« on: June 19, 2013, 07:42 PM »

Microsoft unleashes bug bounty program — for betas, too

The software giant's bug bounty program will aim to fix security flaws, bugs, and vulnerabilities even before products are released.

http://www.zdnet.com...betas-too-7000016956

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #1 on: June 19, 2013, 08:00 PM »
Do we send the bugg reports to MS or the NSA?

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #2 on: June 20, 2013, 07:43 PM »
Do we send the bugg reports to MS or the NSA?

  Don't matter who you send it to, the NSA will get a copy BEFORE the intended recipient does....

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #3 on: June 22, 2013, 08:37 PM »

  Well here's the "Gotcha" from MS.  Now whodathunkit?

Microsoft's $100,000 bug bounty: Read the fine print
06.22.2013 10:30 AM
Microsoft is offering up to $100,000 for vulnerabilities found in Windows 8.1 that are paired with exploits, but it's pretty much up to Microsoft to decide who gets paid how much based on a set of subjective criteria.

http://www.pcworld.c...-the-fine-print.html

Fred Nerd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 278
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #4 on: June 24, 2013, 06:13 AM »
So basically they want you to keep all the bugs you find a secret so that you can be the only person claiming the bounty. This way no-one will put all the bugs up on the net to be laughed at.

Smooth move.

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #5 on: June 24, 2013, 02:29 PM »
So basically they want you to keep all the bugs you find a secret so that you can be the only person claiming the bounty. This way no-one will put all the bugs up on the net to be laughed at.

Smooth move.

  But the biggest issue is MS gets to decide how much the bug report is worth based on their "Subjective Criteria".  Of course to save themselves a lot of money, all they have to say is "Oh, this bug isn't that big of a deal or important enough to give you very much money....

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #6 on: June 24, 2013, 03:59 PM »
If somebody dug up three bugs looking to get paid for them, and MS didn't have a decent going rate type price for the first one... I bet the other two would get offered to somebody else first.

Just sayin'... ;)

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: Bug Bounty From MS
« Reply #7 on: June 24, 2013, 07:18 PM »
If somebody dug up three bugs looking to get paid for them, and MS didn't have a decent going rate type price for the first one... I bet the other two would get offered to somebody else first.

Just sayin'... ;)

  I hear the Russian Mafia pays big bucks for bugs, especially for ones that allow back doors and such....   :P