Its a move in the right direction, but I'd still like to see Microsoft offer something in a way of payment for those that do find vulnerabilities in their products - they do after all face the widest range of attacks due to the market share of the majority of the products they develop and sell.