alt Hacker Newsthis is from 2010 but says that microsoft was not going to pay bug bounties https://www.computerworld.com/article/1510124/microsoft-no-m...
did they start to do that at some point, or is this a pressure (blackmail?) campaign to get the to do that? I have no love for, but rather hate for, Microsoft, so I'm not suggesting blackmail in the sense of defending them, but it's something they could claim.
this is on Microsoft's website, they don't promise much for CVD
They’re supposed to.
Instead they have a reputation for telling researchers that their disclosure isn’t actually a vulnerability and doesn’t qualify for a bounty or recognition, then quietly patching said non-vulnerability with a suspicious degree of urgency.