eWeek : VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws
VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7.
The Reston, Va., security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay-for-flaw VCP (Vulnerability Contributor Program).
The launch of the latest hacking challenge comes less than a month after researchers at Trend Micro discovered Vista flaws being hawked on underground sites at $50,000 a pop and illustrates the growth of the market for information on software vulnerabilities.
iDefense isn’t the only brand-name player in the market. 3Com’s TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. [Read on]