Microsoft, Facebook: We'll pay cash if you can poke a hole in the INTERNET While Facebook and Microsoft already run security bug bounty programs of their own, the two companies are now working together to reward researchers who can find flaws in some of the underlying technologies behind online communications. The Internet Bug Bounty program will pay a minimum for $5,000 for flaws in sandboxed …
Show me coding practices that I can audit. Show me security from the get-go instead of "oh damn, we've got a tick box left" at the end of development. Show me evidence of PROCESS, not that a certain set of people with a certain skill set cannot break certain products from certain parts of the planet using certain techniques (there's more, but any "certain" is a variable that can invalidate the result as evidence of security).
Anyone who finds a hole is not going to hand that to Google of Microsoft, they'll be selling it on the market to either criminals or to NSA or their brethren in other nations as that offers much improved return on investment.
All this white hat BS is not evidence of security, it's merely a final check of a process that should be in place. Show me that first, and then I will still laugh at you because both are US companies and are thus quite simply unable to keep any data confidential. But that's a separate topic. Enough with the marketing BS already.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
