
Welcome to IWETHEY!

New "Cost and effect" is usually a strength of MS..why not here?
The responsibility for Microsoft's products rests with Microsoft alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.

Many security professionals follow these practices, and Microsoft wants to single them out for special thanks. The acknowledgment section of our security bulletins is intended to do this. When you see a security professional acknowledged in a Microsoft Security Bulletin, it means that they reported the vulnerability to us confidentially, worked with us to develop the patch, and helped us disseminate information about it once the threat was eliminated. They minimized the threat to customers everywhere by ensuring that Microsoft could fix the problem before malicious users even knew it existed.


If MS had any brains, they would pay some piddling sum to people who find security holes and report them first to Microsoft. If anyone is in a position to profit from this, it's MS--they're already seen as a monolith, so getting a "thank you" becomes rapidly less meaningful. And it wouldn't cost them any more than they're paying their security department now anyway...

$50 each?
That's her, officer! That's the woman that programmed me for evil!
New Hmmmm.
$50 for each security hole reported? Umm, wouldn't that tend to depress their stock prices as the money rapidly drains out of their stockpile into the hole finders' hands? Sheesh, they would end up in the red in no time.

:)
For every human problem, there is a neat, simple solution;
and it is always wrong
H. L. Mencken, Mencken's Metalaw
New Please...
... don't follow this up here...
Regards,

-scott anderson
New Can't be *that* many holes
um, surely there can't be

Right?

Who knows how empty the sky is
In the place of a fallen tower.
Who knows how quiet it is in the home
Where a son has not returned.

-- Anna Akhmatova (1889-1966)
New Like this example, which someone else reminded me of:
http://cr.yp.to/qmail/guarantee.html

That's her, officer! That's the woman that programmed me for evil!
     Can I have a Security forum again? Please? - (tseliot) - (9)
         "Cost and effect" is usually a strength of MS..why not here? - (tseliot) - (4)
             Hmmmm. - (Silverlock) - (2)
                 Please... - (admin)
                 Can't be *that* many holes - (wharris2)
             Like this example, which someone else reminded me of: - (tseliot)
         Well... - (admin) - (3)
             I only want one, with no header. - (tseliot) - (2)
                 Done. - (admin) - (1)
                     But of course. :) -NT - (tseliot)
