Hacker News new | past | comments | ask | show | jobs | submit login

By taking the cash, I am sure you are bound by secrecy enforced by jail time. I see these increased payments as hush money to keep researchers quiet while they feed them to the NSA for zero day exploits.



Why would Microsoft sell the NSA exploits some black hat came up with against their own operating system? They can just install a backdoor.


They do not have to pay a programmer to put in a back door who may one day talk about it. Fewer people need to know about the program in general.

By default a naturally occurring exploit probably upon inspection looks less intentional then one put there on purpose.


Fewer people need to know about the program in general

. . . except for the outsider who mailed them about it and got paid a chunk of money as a result.


Not to mention, the outsider is a complete unknown. Are they an upstanding white hat? Or are they the darkest of greys? You have no idea.

At least an internal employee is on your payroll, and has been screened with a background check. You don't get to screen which people get to discover vulnerabilities.


This person would just be reporting a exploit and and getting paid for it.

They would not know about the program which takes that exploit and then gives it to the NSA.


And why would a programmer know it was for the NSA? Just tell your underling, "We need a backdoor for <Plausible reason>"


You're either a bad troll or you would make a bad co-conspirator. Just commit a security bug to your own product and save the 100k, duh.


Microsoft can't jail anybody.


Jail time? I don't think so, but I could see MS making you sign an NDA to get the money. There may be other criteria they use in order to pay out.

Nevertheless, I don't see how this is a bad thing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: