$8Gs to Hack??? Its not about the $$$
January 2007
VeriSign offers hackers $8,000 bounty on Vista, IE 7 flaws.
VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer (IE) 7. The Reston, VA, security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay_for_flaw Vulnerability Contributor Program. The launch of the latest hacking challenge comes less than a month after researchers at Trend Micro discovered Vista flaws being hawked on underground sites at $50,000 a pop and illustrates the growth of the market for information on software vulnerabilities. iDefense isn't the only brand_name player in the market. 3Com's TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. The companies act as intermediaries in the disclosure process __ handling the process of coordinating with the affected vendor __ and use the vulnerability information to beef up protection mechanisms in their own security software, which is sold to
third parties.
Source: http://www.eweek.com/article2/0,1895,2082014,00.asp
VeriSign offers hackers $8,000 bounty on Vista, IE 7 flaws.
VeriSign's iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer (IE) 7. The Reston, VA, security intelligence outfit threw out the monetary reward to hackers as part of a challenge program aimed at luring researchers to its controversial pay_for_flaw Vulnerability Contributor Program. The launch of the latest hacking challenge comes less than a month after researchers at Trend Micro discovered Vista flaws being hawked on underground sites at $50,000 a pop and illustrates the growth of the market for information on software vulnerabilities. iDefense isn't the only brand_name player in the market. 3Com's TippingPoint runs a similar program, called Zero Day Initiative, that pays researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code. The companies act as intermediaries in the disclosure process __ handling the process of coordinating with the affected vendor __ and use the vulnerability information to beef up protection mechanisms in their own security software, which is sold to
third parties.
Source: http://www.eweek.com/article2/0,1895,2082014,00.asp
posted by arkietechs at 7:41 AM
0 Comments:
Post a Comment
<< Home