Washington Post blog covers the iDefense $10K bug bounty

["Richard M. Smith" <rms () bsf-llc com>]

http://blog.washingtonpost.com/securityfix/2006/02/wanted_critical_windows_f
law_r.html

Wanted: Critical Windows Flaw ... Reward: $10,000


iDefense, the Reston, Va.-based vulnerability research company recently
bought up by Verisign Inc., is offering $10,000 to any hackers who can find
a previously unknown security hole in Microsoft's Windows operating system. 

Here's the catch: The flaw must earn a "critical" rating from Redmond
(Microsoft rates security holes as critical if they could be used by a
computer worm to spread without any action on the part of the user). Details
of the flaw must be submitted exclusively to iDefense by March 31. There is
no limit on the number of prizes that can be paid: if five researchers find
and report five different Windows flaws for which Microsoft later issues
critical advisories, all five will get paid. More details are
<http://labs.idefense.com/vcp.php> here.

Michael Sutton, director of iDefense Labs, said the company opted to focus
the hacking challenge on Microsoft because most of its clients "are heavy
Microsoft shops and we wanted to target this initiative to align with their
interests." iDefense will change the focus of the challenge with each
quarter, Sutton said -- the next challenge may focus on another vendor, or
it may just center on particular class of vulnerabilities. So far, Sutton
said, the company has received a number of inquiries from researchers since
it launched the program on Tuesday. 

...

 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.