Comment Economic vs Social contracts (Score 1) 148
I remember reading a chapter from Freakonomics describing how temporarily imposing an economic contract (X happens, Y dollars change hands) on what had formerly been a social contract (X happens, you should feel proud/guilty) ended up permanently voiding the social contract.
While it's probably the case that MS is some combination of "Afraid bounties would bankrupt them" and "Using obscurity in place of security" and "Everything you don't want to be", I do wonder if they might accidentally be doing the Right Thing. Probably not, of course, but what if Mozilla and Google's Big Bounties actually ended up damaging the motivation of those who search for and report vulnerabilities because it's the right thing to do?
Anyone know how many other companies have substantial vulnerability bounties? Moreover, anyone know if there's any research on possible links between bounty offers and useful reports?