On the other hand, the only way to force a company react promptly is to publish the exploit.
In this case the exploit was apparently self-evident to nearly any technical mind -- I think that even I understood how simple and naive the bug was -- so you could safely assume that loads of fraudsters would've been milking the system while the bug report would slowly snake through the internal organs of Microsoft before eventually landing on some engineer's table.
It's only saddening that the first reaction is through legal department. Or did Microsoft say somewhere they fixed this already? Or take down the Bing Cashback until the issue is resolved?
In this case the exploit was apparently self-evident to nearly any technical mind -- I think that even I understood how simple and naive the bug was -- so you could safely assume that loads of fraudsters would've been milking the system while the bug report would slowly snake through the internal organs of Microsoft before eventually landing on some engineer's table.
It's only saddening that the first reaction is through legal department. Or did Microsoft say somewhere they fixed this already? Or take down the Bing Cashback until the issue is resolved?