

Mail.Ru launches vulnerability reward program - melvinsh
http://www.microsofttranslator.com/bv.aspx?&lo=SS&from=ru&to=en&a=http%3A%2F%2Fcorp.mail.ru%2Fru%2Fpress%2Freleases%2F9064%2F

======
nobodyshere
Too late. Their security reputation has been terrible for over 5 years I
guess. Quite a few services therefore do not allow a mail.ru email address for
registration. One more point in their announcement is laughable because of how
it contradicts itself. 1\. По условиям конкурса, участники смогут рассказать
об обнаруженных уязвимостях спустя три месяца после отправки сообщения. - That
one says hackers will be able to publish their vulnerabilities within 3 months
after reporting said vulnerabilities. 2\. Таким образом Mail.Ru Group
обязуется быстро исправить любые найденные ошибки - And here they say they
will be obliged to promptly fix any found errors. Are they saying they will
promptly within 3 months fix vulnerabilities? Ok, if they fix them the
following day after they get the report, what's the point in keeping a hacker
silent? I just don't understand those guys.

