funsec mailing list archives
Washington Post blog covers the iDefense $10K bug bounty
From: "Richard M. Smith" <rms () bsf-llc com>
Date: Thu, 16 Feb 2006 15:38:30 -0500
http://blog.washingtonpost.com/securityfix/2006/02/wanted_critical_windows_f law_r.html Wanted: Critical Windows Flaw ... Reward: $10,000 iDefense, the Reston, Va.-based vulnerability research company recently bought up by Verisign Inc., is offering $10,000 to any hackers who can find a previously unknown security hole in Microsoft's Windows operating system. Here's the catch: The flaw must earn a "critical" rating from Redmond (Microsoft rates security holes as critical if they could be used by a computer worm to spread without any action on the part of the user). Details of the flaw must be submitted exclusively to iDefense by March 31. There is no limit on the number of prizes that can be paid: if five researchers find and report five different Windows flaws for which Microsoft later issues critical advisories, all five will get paid. More details are <http://labs.idefense.com/vcp.php> here. Michael Sutton, director of iDefense Labs, said the company opted to focus the hacking challenge on Microsoft because most of its clients "are heavy Microsoft shops and we wanted to target this initiative to align with their interests." iDefense will change the focus of the challenge with each quarter, Sutton said -- the next challenge may focus on another vendor, or it may just center on particular class of vulnerabilities. So far, Sutton said, the company has received a number of inquiries from researchers since it launched the program on Tuesday. ...
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Washington Post blog covers the iDefense $10K bug bounty Richard M. Smith (Feb 16)