Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days (bleepingcomputer.com)
Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in UNIX-based operating systems such as OpenBSD, FreeBSD, and NetBSD, and also in Linux distros such as Ubuntu, CentOS, Debian, and Tails. From a report: The offer, first advertised via Twitter earlier this week, is available as part of the company's latest zero-day acquisition drive. Zerodium is known for buying zero-days and selling them to government agencies and law enforcement. The company runs a regular zero-day acquisition program through its website, but it often holds special drives with more substantial rewards when it needs zero-days of a specific category. The US-based company held a previous drive with increased rewards for Linux zero-days in February, with rewards going as high as $45,000. In another zero-day acquisition drive announced on Twitter this week, the company said it was looking again for Linux zero-days, but also for exploits targeting BSD systems. This time around, rewards can go up to $500,000 for the right exploit.
> now... let me see the quality of systemd code
That's where I would go looking. Lennart Poettering has been pretty clear that his perspective is that it's not his job, or the job of the systemd developers, to write secure, robust code. It's the job of the annoying security people to point out the security issues and then convince him that the problem is so bad it absolutely must be fixed - even though that takes up time that could instead be used to make systemd bigger and more comprehensive.
The last time I saw a similarly bad attitude about security was WordPress about 12 years ago. The leadership at WordPress got a better attitude after the media reported widespread exploits of exactly the kinds of exposures I had warned them about a couple years before.
This article has several links to Poettering responding to security bugs, and what he's (not) going to do to fix problems, or note any fixes in the changelogs or commit messages. This is why he won the Pwnie award for lamest vendor response to security issues.
https://www.theregister.co.uk/...