The initiator of the auction for the detailed vulnerability in Microsoft’s popular spreadsheet program argues that 1 cent is a “fair price for any product from the software company”.
As of now, the amount has risen to over $60.
The vulnerability, discovered on December 6, has not yet been widely disclosed. The seller stated, “All information has been sent to Microsoft. The reply I received indicates they have just begun to research a fix. I can confirm that there will be no patches in the next few months.”
This individual claims that a portion of the proceeds will be contributed to open-source projects, and will also “consider” a 10% discount if any Microsoft official agrees to a price. “To prove you are indeed from the software company, you must transact using an email address ending in @microsoft.com and mention the ‘discount code’ LINUXRULZ during checkout,” the seller requested.
Anyone participating in the auction must commit to not using the information for malicious purposes but solely for educational and research purposes. The winner will receive two Excel files: an original document and an edited copy that demonstrates the vulnerability.
