secure poon wrote:
> *Proposition*
>
> Microsoft is a 280+ billion dollar corporation. Why don't/can't they
> have a standard ransom fee for security flaws?
>
> 0day Remote OS flaw: $1,000,000
> 0day IE explorer flaws that give administrative shells: $200,000
> 0day (other flaws) that affect other products (ie office): $200,000
> etc. (these fees could be much higher)
>
> Provided the person who discovered the vulnerability gives a full
> working patch, then Microsoft could patch the hole right away and
> people could update. (yes I know lots of people don't update but at
> least it is a start, and then legally they would be so liable). Maybe
> this concept isn't new and I am just in the dark about it.
>
> *Question*
>
> Why doesn't Microsoft (or any company) do this? And also has
> Microsoft ever been held criminally liable for negligence in a criminal
> case for not patching a flaw leading to a security breach? Or is their
> team of lawyers just too much for any normal person?

All I can say is AMEN. Having to sell to TPs, iDefs, and Nation States is so much more painful.
Jared :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
