$10k Bounty for Critical Windows Flaws
An anonymous reader writes "iDefense, a Verisign company, is offering $10,000 to any researchers who find and report to it information on a previously unknown Windows flaw for which Microsoft later issues a 'critical' advisory, according to a story over at Washingtonpost.com. Not really surprising, considering that Russian hacking groups are now paying thousands of dollars for exploits that attack unpatched holes in Windows. From the article: 'Details of the flaw must be submitted exclusively to iDefense by March 31. There is no limit on the number of prizes that can be paid: if five researchers find and report five different Windows flaws for which Microsoft later issues critical advisories, all five will get paid... iDefense will change the focus of the challenge with each quarter -- the next challenge may focus on another vendor, or it may just center on a particular class of vulnerabilities.'"
Because they are certainly gonna need it.
This should put to rest any notion that for a researcher, it's *MUCH* more profitable to discover vulnerabilities affecting MS software than it is any other software vendor.
This trial by fire is also the reason why it's been quite some time since we've seen a Blaster/Sapphire-like vulnerability discovered.
There's no inherent security architecture protecting Firefox, Linux, or OS X that doesn't also exist in Windows. They're merely relying on security through obscurity in a different sense. That sense being that not nearly as many researchers care to devote the time to analysis of codelines that won't be worth their while, either financially or egotistically.