Microsoft Explains The Logic Behind Paying Security Experts For Finding Vulnerabilities

They say work on Windows never stops at Redmond. The company is deep into development on a number of operating platforms, from updates for Windows 8.1 to full new versions like Windows 9.

And as is always the case, security plays a decisive role in sales performance, not just for businesses and enterprises, but also end users.

Microsoft has launched several new bug bounty programs in the past, and continues to do so. These pay security researchers across the world who find bugs, flaws and vulnerabilities in its software — most notably Windows and Internet Explorer.

In fact, a number of researchers were recently paid rewards for the information they shared.

And now the company has shared the logic behind launching such programs. In a new report, Microsoft talked about how, in the past, it refused to pay for vulnerabilities found in its software, and instead opted to credit the researchers by name in its security advisories.

But the 90s have come and gone, people!

According to Katie Moussouris, the senior strategy lead at Redmond, the company wanted to disrupt the black market instead of competing with it, as there had been instances where security researchers could earn a lot of money by selling the vulnerabilities they found in its software products:

“Our new bounty programs add expanded depth and flexibility to our existing community outreach programs. Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers.

At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of Microsoft’s outreach.”

All for a good cause, then. Since announcing these bug bounty programs, the company has paid figures of up to $100,000 for flaws found in Windows and Internet Explorer.

And with newer versions of this software in development, Microsoft has promised to continue this policy. The new wave of products due to hit the market within the next year or so should give security researchers more incentive to find and report any vulnerability they discover.
