lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031105170945.GA8672@ssc.com>
From: dan at ssc.com (Dan Wilder)
Subject: M$ puts bounty out for Blaster and Sobig culprits

On Wed, Nov 05, 2003 at 10:35:08AM -0500, Robert Davies wrote:

> > Maybe M$ should put out a bounty for reporting bugs in their 
> > crappy software without going public instead.  That might be 
> > more effective.
> 
> Effective, yes, but I would not believe MS willing to pay people to hear
> about how crappy they coded x, y and z service.

The last time anybody I know tried to report a bug to the Redmond Giant,
they wanted him to slap down a credit card and pay _them_ before they'd
accept the report.  He did.  They didn't charge him much, less than
$100, but the bug was never fixed.

Needless to say the guy never attempted to report another bug to them.
He was a supporter of theirs, too.  He still has his complete collection
of original Windows NT Beta CDs!  

Last I heard from him, he wanted to know if I'd help him cross a few "t"s 
after he upgrades his main fileserver from older Slackware to SuSE 9.

Maybe now when they've come to understand that quality matters to at
least some of their customers, they'll rethink the misguided policy
of requiring the public to pay to submit bug reports.

-- 
Dan Wilder <dan@....com>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ