VeriSign Offers Reward for Holes
The company's iDefense Labs is offering an $8,000 bounty on remote code execution holes in Microsoft's Windows Vista and Internet Explorer 7.
VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Microsoft's Windows Vista and Internet Explorer 7. The Reston, Va., security intelligence outfit offered the monetary reward to hackers Jan. 10 as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw Vulnerability Contributor Program. The launch of the latest hacking challenge comes less than a month after researchers at Trend Micro discovered Vista flaws being hawked on underground Web sites at $50,000 apiece and illustrates the market growth for information on software vulnerabilities.
iDefense isn't the only brand-name player in the market. 3Com's TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. The companies act as intermediaries in the disclosure process (handling the process of coordinating with the affected vendor) and use the vulnerability information to beef up protection mechanisms in their own security software, which is sold to third parties.