I know that Microsoft normally holds conventions to try and present security exploits, but I don’t think that is enough. They should have better prepared Vista by holding contests similar to this and to try and draw the fatal flaws out before it was even released…which would surely help make it the securest version of Windows yet.

They did, sort of. They did offer their developers a couple hundred bucks per bug found for a short time. The developers were suppose to find these bugs while not at work.

There’s no need for Microsoft to pay when others are willing to fork out money and do the work on their behalf!

Now, one has to ask, “Is this smart business or is Microsoft being short-sighted?”

I understand MS doesn’t want to encourage the bad guys to find/publish exploits but they are going to do it any way. Microsoft should provide an incentive to researchers (honest ones) to help find exploits before the dishonest (blackhat hackers) do.

I don’t understand how VeriSign benefit except for image-wise.

An unsafe web is bad for business. If people felt that e-commerce was not safe they would not shop online. If no one is shopping online they VeriSign would sell fewer SSL certificates. Of course, VeriSign does more then sell SSL certificates but the idea is the same; an unsafe web is bad for business and buggy MS software endangers web surfers.