Find a Vista or IE 7 flaw, reel in $8,000

Summary: VeriSign's iDefense Lab is paying hackers $8,000 for code execution flaws in Vista and IE7. Is this behavior we should encourage?

VeriSign's iDefense Lab is paying hackers $8,000 for code execution flaws in Vista and IE7.

Is this behavior we should encourage? If it serves the greater good, I suppose so, but it feels strange.

The rules of engagement from the quarterly iDefense vulnerability challenge:

iDefense will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of these two products. Only the first submission for a given vulnerability will qualify for the award, and iDefense will award no more than six payments of $8,000. If more than six submissions qualify, the earliest six submissions (based on submission date and time) will receive the award.

And you get bonuses of $2,000 to $4,000 for working exploit code for the submitted vulnerability.

eWeek's Ryan Naraine notes that iDefense isn't the only outfit offering flaw bounties.

3Com's TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. The companies act as intermediaries in the disclosure process—handling the process of coordinating with the affected vendor—and use the vulnerability information to beef up protection mechanisms in their own security software, which is sold to third parties.

Needless to say, Microsoft is not too pleased with these flaw bounties, but that's hardly surprising. It's debatable whether these contests help protect the public. Then again, Microsoft's inability to patch currently known critical flaws isn't helping much either.

Talkback

3 comments
  • 2 votes = 150%?

    Someone care to `splain!? ]:)
    Linux User 147560
    • this is George Ou math...

      that about sums it up;)
      Monkey_MCSE
  • it should have been worded differently

    o Yes (but only with Vista; it is wrong when it applies to OSX), it will make software better.
    o No, it's unproductive.

    Isn't this similar to the Month of Bugs (or whatever)
    John Zern