$10k Bounty for Critical Windows Flaws

Posted by ryuzaki0 on Thursday February 16, 2006 @08:15AM from the rolling-in-the-benjamins dept.

An anonymous reader writes "iDefense, a Verisign company, is offering $10,000 to any researchers who find and report to it information on a previously unknown Windows flaw for which Microsoft later issues a "critical" advisory, according to a story over at Washingtonpost.com. Not really surprising, considering that Russian hacking groups are now paying thousands of dollars for exploits that attack unpatched holes in Windows. From the article: "Details of the flaw must be submitted exclusively to iDefense by March 31. There is no limit on the number of prizes that can be paid: if five researchers find and report five different Windows flaws for which Microsoft later issues critical advisories, all five will get paid...iDefense will change the focus of the challenge with each quarter -- the next challenge may focus on another vendor, or it may just center on particular class of vulnerabilities.""

2 of 138 comments (clear)

Min score:

Reason:

Sort:

Re:Linux needs a similar plan. by GigsVT · 2006-02-16 08:54 · Score: 2, Informative

Artifex does a bug bounty for ghostscript, but it's for patches, not for reports. $500 or $1000, depending on how critical a bug you fix.

--
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Re:What if five people find the same flaw? by idef · 2006-02-16 10:08 · Score: 2, Informative

Correct - "Only the initial submission for a given vulnerability will qualify for the reward. "
http://labs.idefense.com/labs.php?show=21#a21

Michael Sutton
Director, iDefense Labs