The initiative started some time ago that pays a security researcher for their work is gathering yet more steam. This time some people were offered significantly more then the paltry several thousand. It always struck me as exceedingly cheap that an exploit would be bought for only a few thousand dollars. More often then not, a lot of billable hours go into researching and developing an exploit. Were Microsoft serious about security then they would start buying exploits as well. Then again though, doing so might very well bankrupt them . Seriously though, Microsoft should start to consider paying for such exploits, or hire better talent for their Q&A.