Slashdot Mirror


VeriSign Puts Flaw Bounty on Vista and IE7

rchris1172 writes "VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7. As part of its controversial pay-for-flaw VCP (Vulnerability Contributor Program), iDefense said it will pay the reward for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of the two Microsoft products. In addition to the $8,000 award for the flaw, iDefense will pay between $2,000 and $4,000 for working exploit code that exploits the submitted vulnerability."

6 of 91 comments

  1. Economics 101 or Why I Love Bounties by WillAffleckUW · · Score: 4, Funny

    1. Put bounty of $8000 on bugs for Vista and IE7.

    2. Get friend to go work at MSFT.

    .

    4. PROFIT!

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Economics 101 or Why I Love Bounties by Atario · · Score: 4, Funny

      --------joke------------>

            O
           /|\      <--- you
            |
           / \

      --
      "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  2. Moar money by zecg · · Score: 5, Funny

    "In addition to the $8,000 award for the flaw, iDefense will pay between $2,000 and $4,000 for working exploit code that exploits the submitted vulnerability."

    The company spokesman also added they'll double the bounty if the submitter already used the exploit to build a botnet and triple it if promises to use it to send a metric assload of e-mails with the subject "ha-ha" to everyone@microsoft.com.

    --
    .i lu doi ringos.star. xu do puku'aroroi dunli dopecaku leni virnu li'u
  3. NOT the best business move! by Arthur+Dent+'99 · · Score: 5, Funny

    Paying $8000 for each exploitable security flaw in Microsoft products is a quick way to put a company into bankruptcy! I noticed that the bounty only applies to the first six submissions, though, so VeriSign is only out $48000.

    Who else here thinks that VeriSign will then turn around and sell the winning entries to the black market for $50000 each? hehe

  4. The law on unintended consequences by andersen · · Score: 4, Funny

    Pointy Haired Boss: Our goal is to write bug-free software. I'll pay a ten dollar bonus for every bug you find and fix.
    Dilbert: Yahoo!
    Alice: We're rich
    Wally: Yes!!! Yes!!! Yes!!!
    Pointy Haired Boss: I hope this drives the right behavior.
    Wally: I'm gonna write me a new minivan this afternoon!

    http://www.ourlocalstyle.com/images/uploadImages/2006/05/13/dilbert_bugFixMinivan.gif

    --
    -Erik -- --This message was written using 73% post-consumer electrons--
  5. Re:Wonder what they're really worth? by Anonymous Coward · · Score: 5, Funny

    Too bad I have this silly fear of death Yeah I wouldn't mess around with those Verisign guys either.....