While Facebook and Microsoft already run security bug bounty programs of their own, the two companies are now working together to reward researchers who can find flaws in some of the underlying technologies behind online communications. The Internet Bug Bounty program will pay a minimum for $5,000 for flaws in sandboxed …
Flaws in the Internet ..
There's nothing wrong with the Internet, the flaw resides in the flaky software at either end ..
Re: Flaws in the Internet ..
Well, they probably use Microsoftish instead of English... look at the IE: the IE options are called in Microsoftish "Internet options", so maybe they are still trying to find holes in IE...
Nice of them to go public before the projects affected have had time to deliberate on the potential issues arising (like, for example, finding ourselves at the receiving end of lots of bounty-motivated NOTABUG reports).
Kernel mailing lists have existed for a reason, for decades.
And they are not driven by corporate marketing.
Still no assurance worth a damn
Show me coding practices that I can audit. Show me security from the get-go instead of "oh damn, we've got a tick box left" at the end of development. Show me evidence of PROCESS, not that a certain set of people with a certain skill set cannot break certain products from certain parts of the planet using certain techniques (there's more, but any "certain" is a variable that can invalidate the result as evidence of security).
Anyone who finds a hole is not going to hand that to Google of Microsoft, they'll be selling it on the market to either criminals or to NSA or their brethren in other nations as that offers much improved return on investment.
All this white hat BS is not evidence of security, it's merely a final check of a process that should be in place. Show me that first, and then I will still laugh at you because both are US companies and are thus quite simply unable to keep any data confidential. But that's a separate topic. Enough with the marketing BS already.