reply to SUMware
Re: Microsoft Confirms Critical 0-Day IE8 Vulnerability

This Nils guy laid quite the whooping on the browsers at CanSecWest, smacking IE8, Firefox and Safari, so are there any notices published concerning the other browsers?

Actually the score was IE8 (one exploit - Nils), Firefox (two exploits - Nils and Julien Tinnes, but unfortunately his efforts fell outside the contest criteria and therefore could not be rewarded), Safari (three exploits - Charlie Miller, Nils and Julien Tinnes) » dvlabs.tippingpoint.com/blog/200···own-2009
Having been involved with security issues in Windows for well over ten years (even before they had MSRC (Microsoft Security Response Center), or at least an official MSRC), Microsoft has always impressed me with how willing they are to work with 'researchers' and yes, even acknowledge security issues and deal with them, rather than depending on reality distortion fields like Apple for example.
Now one comment that Charlie Miller had that was interesting is that he doesn't just give his exploits away to Apple, as his thinking is Apple has people they pay to do security testing and he expects Apple to pay him for security testing (or at least the exploits he finds). I must admit, having spoken recently to a number of security researchers, this is becoming more of a common concern/thinking, and while I know it takes $$$ to take the time and do the research, it's a fine line to walk, and while I have seen it work, I've also seen an ugly side of this as well.
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool