$10k Bounty for Critical Windows Flaws
An anonymous reader writes "iDefense, a Verisign company, is offering $10,000 to any researchers who find and report to it information on a previously unknown Windows flaw for which Microsoft later issues a "critical" advisory, according to a story over at Washingtonpost.com. Not really surprising, considering that Russian hacking groups are now paying thousands of dollars for exploits that attack unpatched holes in Windows. From the article: "Details of the flaw must be submitted exclusively to iDefense by March 31. There is no limit on the number of prizes that can be paid: if five researchers find and report five different Windows flaws for which Microsoft later issues critical advisories, all five will get paid...iDefense will change the focus of the challenge with each quarter -- the next challenge may focus on another vendor, or it may just center on a particular class of vulnerabilities.""
Remember though (Score:5, Interesting)
On second thought, maybe looking at Windows 3.0 coding errors would reveal flaws in Vista. After all, think of the WMF flaw...
Linux needs a similar plan. (Score:5, Interesting)
As open as Linux is, this kind of motivation could really bring in the eyeballs to make those holes shallow and get them patched up. Make the bounty $10,000 for critical bugs and maybe $2000 for lesser security bugs. If you get the kernel patched up, then start working on libraries and then apps, and by then it should be time to start looking at the kernel again.
What if five people find the same flaw? (Score:5, Interesting)
Why only Windows? (Score:2, Interesting)
DMCA violation? (Score:3, Interesting)