VeriSign offering $8,000 for Vista and IE7 exploits

#1

By Justin Mann, TechSpot.com
Published: January 10, 2007, 8:28 PM EST

Bug hunters could turn in to bounty hunters with the release of Vista coming up, as VeriSign extends their pay-for-flaws program that promises $8,000 for exploits. For certain types of exploits, found in either Vista or Internet Explorer 7, the company is offering cash for disclosure. Likely this is a stepped up response to the increasing reports of underground sites selling zero-day exploits. With the release of a new OS and its impending rollout onto many machines, it's likely that many vulnerabilities could be dormant and this gives some who might choose to exploit a chance to benefit themselves and the community instead. For those enterprising researchers and hackers, it also gives them a chance to get a return on their skills:

The rules are straightforward: iDefense will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of the two Microsoft products.
Only the first submission for a given vulnerability will qualify for the payout, and iDefense will award no more than six payments of $8,000.

The rules only apply to official versions, not release candidates or betas. Microsoft frowns upon this activity, but given their history of long delays between patch cycles and slow responses to critical flaws, one can hardly blame a third party looking for aggressive ways to fight those who would seek to damage their systems.

Source: techspot.com

Related article: eweek.com

#2

Saw this today too - you're pretty speedy now, BlindG, heh

I'm sure this is Microsoft pushing VeriSign to get the exploits purchased and patched - if you remember a while back, there were many undisclosed IE7and Vista bugs going around with a price tag? I'm assuming they're attempting to target those.

#3

I'm really loving the fact they are pushing Vista to be secure...It's the only thing I find attractive about it at the moment...

I read too, that they had the gov't intelligence agency working on Vista as well...

#4

QUOTE(WAI @ Jan 11 2007, 03:32 AM) Saw this today too - you're pretty speedy now, BlindG, heh

Shere luck /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" /> Nothing more, I assure you /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />

QUOTE(WAI @ Jan 11 2007, 03:32 AM) I'm sure this is Microsoft pushing VeriSign to get the exploits purchased and patched - if you remember a while back, there were many undisclosed IE7and Vista bugs going around with a price tag? I'm assuming they're attempting to target those.

That's a chance too.
In general they are just adding publicity to Vista beeecaaauuuuseeeee

There AIN'T such thing like "bad publicity" /tongue.gif" style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" />

QUOTE(AYHJA @ Jan 11 2007, 08:20 AM) I'm really loving the fact they are pushing Vista to be secure...It's the only thing I find attractive about it at the moment...

I read too, that they had the gov't intelligence agency working on Vista as well...

Secure=good
Government intelligence agency working on a public os for all around the world=not good /tongue.gif" style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" />