@your_mom1 @Too-DementeD I do understand. I'm just pointing out that the letter says that "People who do discover security flaws and WANT TO DO THE RIGHT THING and report them are not sure where to turn." Then it goes on to talk about how the rewards are unjust. It feels like they're not sure what their main message is here. Is it about how people with a sense of decency and morals to report a bug they've found can't find out how to contact Valve? Or is it about how those that know how to get in touch with them don't get rewarded enough for it?
In short, of course if there was more of an incentive to report bugs then it's highly likely that people would report them than if there isn't much incentive at all, but those 'security researchers' you talk about aren't exactly looking for bugs out of the kindness of their hearts... they're doing it for self-interest as opposed to what this letter talks about, i.e. "Doing the right thing".
Wait, am I missing something or does it say that the primary concern here is that people don't get rewarded enough for reporting the bugs?
Not only that but... "People who do discover security flaws and want to do the right thing and report them are not sure where to turn, and usually don't get rewarded." That makes absolutely no sense. If they didn't know where to turn, they wouldn't have been able to report it and 'fail to get a reward' for reporting it to begin with.
While it is true that finding where to send them bug reports isn't upfront and splashed on their page somewhere, it's not impossible to find out either. I mean come on now... on the Steam support page, there's a part where you can contact them for all things related to Steam, including security issues. Even if that isn't the correct place to tell them about it, surely they would tell you what you have to do and point you in the right direction.
I'm not saying Valve are doing everything right, but they sure aren't doing as terrible as that open letter makes them out to be.
Honestly feels like the people who wrote that letter just want more than they were given for bugs they've submitted (the majority of them, by the way, work on the TF2 wiki, and since they point out that the only rewards they get are TF2 hats, two plus two makes four).
Why? Just why? When they said they wanted to up their gaming presence on PC, I thought they meant releasing more PC games developed by Microsoft Studios... not keeping a service that just about everybody hates, alive.
Too-DementeD's comments