[bathtub365]

Let’s not pretend selling to private buyers is anything other than financially motivated. I don’t think security researchers who sell their vulnerabilities to private buyers are not acting to “motivate” Microsoft in a roundabout way. Even if we assume that is their motivation, such an arrangement is obviously unethical because vulnerabilities sold in this way are weaponized to do harm against others.

[anamax]

The motivational effect is independent of their intent.

Unless you work for free, you don't get to criticize others for getting paid for their work.

[bathtub365]

> Unless you work for free, you don't get to criticize others for getting paid for their work.

This is completely ridiculous. By this reasoning we shouldn’t criticize corrupt politicians or anyone whose chosen profession means they get paid to make the world a worse place to live. I don’t think we’ll see eye to eye on any of this, I simply can’t understand any of the arguments you’ve presented to justify getting paid to make the world a more dangerous place.

[anamax]

We're not going to see eye-to-eye because you think that other folks should work for free to make Microsoft products more secure.

I think that when security problems in Microsoft products are Microsoft's responsibility and no one else's. By insisting that other people work for free to improve that security, you're arguing that other people are responsible for said security problems.

That's a curious position. You think that someone who isn't paid is responsible, but not Microsoft, who is paid.

I understand why Microsoft would like that arrangement, but why do think that anything else is wrong?

[lobocinza]

Microsoft is not a financially struggling company. I don't think management cares about security.