$10k Bounty for Critical Windows Flaws

An anonymous reader writes "iDefense, a Verisign company, is offering $10,000 to any researchers who find and report to it information on a previously unknown Windows flaw for which Microsoft later issues a "critical" advisory, according to a story over at Washingtonpost.com. Not really surprising, considering that Russian hacking groups are now paying thousands of dollars for exploits that attack unpatched holes in Windows. From the article: "Details of the flaw must be submitted exclusively to iDefense by March 31. There is no limit on the number of prizes that can be paid: if five researchers find and report five different Windows flaws for which Microsoft later issues critical advisories, all five will get paid...iDefense will change the focus of the challenge with each quarter -- the next challenge may focus on another vendor, or it may just center on a particular class of vulnerabilities.""
  • Remember though (Score:5, Interesting)

    by saskboy ( 600063 ) on Thursday February 16, 2006 @04:19PM (#14736198) Homepage Journal
    If you're in the hunt, don't focus on Windows 3.1 or ME, since as of June 30, 2006 Windows will no longer be issuing critical warnings for either of those Operating Systems even if they know they exist. Well they might issue one out of the goodness of their hearts to encourage an upgrade to X...err Vista, but there will be no official patch.

    On second thought, maybe looking at Windows 3.0 coding errors would reveal flaws in Vista. After all, think of the WMF flaw...
  • by MikeFM ( 12491 ) on Thursday February 16, 2006 @04:23PM (#14736241) Homepage Journal
    This is what Linux companies should be doing. Pay developers that find an exploit in Linux a couple thousand dollars and make sure the hole gets fixed quickly. Obviously then it becomes a race for the companies to have their own employees find and fix the holes before outside developers do the same. Maybe have some lesser (since they're already getting a paycheck) bounty available to their own employees that find the holes and fix them.

    As open as Linux is this kind of motivation could really bring in the eyeballs to make those holes shallow and get them patched up. Make the bounty $10,000 for critical bugs and maybe $2000 for lesser security bugs. If you get the kernel patched up then start working on libraries and then apps and by then it should be time to start looking at the kernel again.
  • by autopr0n ( 534291 ) on Thursday February 16, 2006 @04:32PM (#14736313) Homepage Journal
    I mean, couldn't someone find a flaw, get together with 10 of his friends, and everyone reports it independently? What happens then?
  • Why only Windows? (Score:2, Interesting)

    by feranick ( 858651 ) on Thursday February 16, 2006 @04:46PM (#14736457)
    Maybe I am provocative... Anyway: when are we going to have similar initiatives for OSX or Linux?
  • DMCA violation? (Score:3, Interesting)

    by sl4shd0rk ( 755837 ) on Thursday February 16, 2006 @07:10PM (#14737763)
    Do the world a great service by finding Windows bugs and then take it up the ass for 15 years when Shyster H. Lawyer decides to prosecute under the DMCA because you took apart some binaries. Don't agree? Why do you think Symantec and friends didn't want to mess with the BMG fiasco? Same reason. Microsoft made this mess, let them straighten it out.