Perhaps they should pay an extra bounty every time they screw up the fix as an incentive
https://twitter.com/msftsecresponse/status/1413166936133754882 …
Replying to @tiraniddo
... and why not pay bounties to people in the infosec community (@jonasLyk, @cube0x0 and @gentilkiwi to name a few) that poke around and retest patches to see what breaks, helping Microsoft customers to get a better understanding of the potential mitigations and residual risk.
Replying to @bugch3ck @tiraniddo and
Jonas L Retweeted Jonas L
they do kinda pay bounties, the thing is though it's more work and stress to submit the stuff than doing it. The amount of BS having to go through just doesn't make it worth the max of 2000$. Example: https://twitter.com/jonasLyk/status/1405025400972005380 …
Jonas L added,
Jonas L @jonasLyk Replying to @hacker_
Alternative storyline: Them: https://docs.google.com/document/d/1sRrftambp4gz4koVX1Qs1l1ODDFTp1eUd6j6NvmCt1U/edit#heading=h.ca82rsk4z7q2 … Not them: Yarh we spent over one year completely rewriting group policy service, so every vulnerability submitted in that period we just stashed until now we deployed the new design. Does your exploit still work with new design?
But also being asked to close submission and resubmit, for then getting it denied because new submission date is after the junction folder rule change. If there is any way that there even is remotely a hint of it being not bounty eligible they will try...