Microsoft Hands Out $28k In IE11 Bug Bounty Program 57
hypnosec writes "Microsoft paid out over $28,000 in rewards under its first ever bug-bounty program that went on for a month during the preview release of Internet Explorer 11 (IE11). The preview bug bounty program started on June 26 and went on till July 26 with Microsoft revealing at the time that it will pay out a maximum of $11,000 for each IE 11 vulnerability that was reported. Microsoft paid out the $28k to a total of six researchers for reporting 15 different bugs. According to Microsoft's 'honor roll' page, they paid $9,400 to James Forshaw of Context Security for pointing out design level vulnerabilities in IE11 as well as four IE11 flaws. Independent researcher Masato Kinugawa was paid $2,200 for reporting two bugs. Jose Antonio Vazquez Gonzalez of Yenteasy Security Research walked off with $5,500 for reporting five bugs while Google engineers Ivan Fratric and Fermin J. Serna were each handed out $1,100 and $500 respectively."
It is just QA cost saving (Score:5, Insightful)
Re:It is just QA cost saving (Score:5, Insightful)
You *should* post them online.
If you give MS secret notice and a heads up, then the NSA gets the bugs and exploits them, and MS takes ages to implement a fix. It's the real world here, they've been hacking Belgian telco's, Oil companies, banks using that trick. When discovered MS simply pretending it was a zero day expoit used by Russian or Chinese hackers and quickly rolled out a fix.
If you post it online on the other hand, we immediately know about it, and can immediately mitigate it by blocking that subsystem, or turning off this and that feature. Not perfect, but better than some military hacker only following orders.
Love is the Answer (Score:3, Insightful)
...the crowd here hate anything MS...
If your answer includes "Microsoft is Hated" as a reason for anything you are right to not register here. Ignoring the fact that you sound like a sulky 16 year old girl. The mix here is far from being Linux and Apple centric. Microsoft is an abusive, customer hostile company that deserves to be hated. The reality is it isn't. People are fickle, and right now Microsoft is one disappointment after another...but that would not stop them using IE. If it wants to be loved, producing decent products would be a good start.
The answer is unlikely to be a new version of IE (one over a year old and one unrealsed)..."better" is just another unmeasurable "meh" it does not cut it here, or anywhere. It is still vastly behind, platform centric option. If IE10 was any good (IE11 not yet released) it would have started making traction 13 months ago...not now.
Black is White (Score:4, Insightful)
Heh. The sad thing is that if you swap the names Google or Apple into that statement (or any of a number of other obvious names), it would hold just about as much truth.
Except its not even remotely true. Google move from strength to strength, and Apple are immune to criticism. Microsoft is surrounded by failure both in its traditional "monopoly" market windows and its new markets "products and services". Ballmer got stabbed in the front by Bill "my charity is better than yours" Gates "I don't have to pay tax". Its Xbone launch was anti-gamer.
Want Proof....http://www.interbrand.com/en/best-global-brands/2013/Best-Global-Brands-2013.aspx Apple is considered the top brand...Google the top riser.(Microsoft did rise a smigin though ;)