Microsoft won’t follow Mozilla and Google in paying researchers for reporting vulnerabilities. Mozilla hiked Firefox bounties for bugs rated “critical” and “high” to $3,000. Microsoft pitches a new name for “responsible disclosure” Microsoft urges researchers to report any way they want to report flaws, including using the CERT-CC-CC to report them to the appropriate vendor. Microsoft: “Not all researchers are financially motivated,” Microsoft Security Research Center director Mike Reavey says. Microsoft also offers employment opportunities for researchers as contractors and members of its team.”]
Source: https://www.csoonline.com/article/2125387/microsoft–no-money-for-bugs.html