
VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws

Thanks to ThePitt for posting this in BPN.

VeriSign's iDefense Labs is offering money for remote code execution holes in Windows Vista and Internet Explorer 7 as a part of its pay-for-flaw VCP (Vulnerability Contributor Program) challenge. Via its Zero Day Initiative, 3Com's TippingPoint also pays researchers for exclusive rights to advance notification of unpublished vulnerabilities or exploit code. Once the companies have the vulnerability, they coordinate the process with the affected vendor, improve their own security software and resell it.

"Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty. Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products," iDefense said in a note announcing the bounty.

iDefense will pay $8,000, up to six times only, to any hacker who finds a unique vulnerability allowing an attacker to remotely exploit and execute arbitrary code on a default, up-to-date and patched installation of either of the two Microsoft products. An extra sum of between $2,000 and $4,000 (based on readability and documentation) will be offered for working exploit code for the submitted vulnerability. Microsoft is not amused and believes an update for the software should be the priority, not compensation for vulnerability information.

News source: eWeek
