The idea of offering bounties for discovering bugs might sound a bit odd to some, but it’s not that uncommon. Both Google and Mozilla have been offering up cash to those who find both serious and mild bugs in their respective browsers, and for the most part, it seems like the idea has been a success thus far. No surprise – what code junkie wouldn’t mind earning some extra cash while digging through C++?
If bug bounties work, then why doesn’t Microsoft, with both a massive wallet and what’s sure to be an OS with the biggest number of holes in it, offer bounties to help make Windows that much more secure?
One could argue that Microsoft couldn’t because Windows isn’t open source, but that isn’t something that comes into play. While source access would undoubtedly help with the discovery of holes, the fact of the matter is that skilled crackers already have little problem discovering holes and exploits via reverse engineering or copious amounts of research and trial-and-error hacking. Moreover, some who find these exploits are in it for profit, sometimes selling zero-day offerings for tens of thousands of dollars.
As Microsoft has stated in its own words, “In terms of a per-vulnerability bug bounty program, the analysis from us is that not the best way to invest in the security of our product.” To me, it sounds like Microsoft either doesn’t want to spend the cash on something it doesn’t think it should have to, or it might figure that once the doors are blown open, there could be an overwhelming influx of bugs to be fixed. After all, we’re talking about an operating system here, not something as simple as a Web browser.
Despite the risk, should Microsoft bite the bullet and begin to offer bounties?
Still, a bounty program has worked well for another large technology company: Google. The search giant has found that its vulnerability programs — one for its Chromium Web framework that powers the Chrome browser and another for its Web applications and properties — have resulted in a sustained increase in the number of high-quality bug reports.