Slashdot Mirror


VeriSign Puts Flaw Bounty on Vista and IE7

rchris1172 writes "VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7. As part of its controversial pay-for-flaw VCP (Vulnerability Contributor Program), iDefense said it will pay the reward for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of the two Microsoft products. In addition to the $8,000 award for the flaw, iDefense will pay between $2,000 and $4,000 for working exploit code that exploits the submitted vulnerability."

4 of 91 comments

  1. Only 8k? by Anonymous Coward · · Score: 5, Interesting

    Only 8k for bugs which go on the market for 15-100k each exploit? Surely you jest, no self righteous will go for such a scam.

    1. Re:Only 8k? by WK1 · · Score: 1, Interesting

      I assume Verisign will actually pay you, while the mob might not. The mob may also turn you in in the future to save their own butts.

      Most criminals will actually buy their own stuff, even though they could just steal it. There are advantages to doing things the legal way. Crime pays, but only until you get caught.

  2. The ping of death by compandsci · · Score: 1, Interesting

    I remember that Win 95 had a flaw that allowed anyone to DoS the computer over the network.
    This was hilarious to use at the LAN parties.

    It would be good fun if someone found a similar flaw with Vista and wrote a Linux client for it :)

  3. Not going to work by AngryDad · · Score: 5, Interesting

    iDefense asks you to provide all your background information, names, addresses, telephones, photocopies of IDs, etc. Most people who can find vulnerabilities will not be willing to sacrifice their privacy. When iDefense and the like will only ask for an e-mail address to PayPal funds to, I'd be first in line to talk to them.