Yesterday, Microsoft Senior Vice President and General Counsel Brad Smith, standing at a podium with representatives of the US Federal Bureau of Investigation (FBI), US Secret Service, and Interpol, announced that his company will pay $5 million toward a reward program that law enforcement officials will use to help capture individuals who launch cyberattacks. The company will disburse the first two bounties, worth $250,000 each, to individuals who provide evidence that leads to the arrest and conviction of the people responsible for the MSBlaster worm and the SoBig virus; the remaining $4.5 million will be placed in a reserve fund to finance future bounties, Smith said.
"Malicious worms and viruses are criminal attacks on everyone who uses the Internet," said Smith. "Even as we work to make software more secure and educate users on how to protect themselves, we are also working to stamp out the criminal behavior that causes this problem. These are not just Internet crimes, cybercrimes, or virtual crimes. These are real crimes that hurt a lot of people. Those who release viruses on the Internet are the saboteurs of cyberspace, and Microsoft wants to help the authorities catch them."
Sponsoring a bounty program is an interesting tactic for Microsoft, which has come under fire in recent years for security problems in its software. Through its Trustworthy Computing initiative, the software giant has made significant gains in eliminating vulnerabilities in its most important products, such as Windows and Windows Server. But the MSBlaster worm and SoBig virus embarrassed Microsoft earlier this year and pushed it into a new Trustworthy Computing phase, which it calls "Securing the Perimeter." Under this phase, Microsoft is working to secure network edges, on the reasoning that hardening the perimeter is easier to institute than the daunting task of ensuring that several hundred million Windows systems are kept up to date with security patches.