Organization offers $20,000 for Windows flaws

Share this article:
Updated Wednesday, Jan. 16, 2008, at 5:24 p.m. EST.

A little-known cybersecurity intelligence organization is offering $20,000 to researchers who can provide exploitable vulnerabilities in Windows or a Windows Diffuse Application.

Digital Armaments will pay cash or credit to researchers who can prove and document zero-day flaws by midnight EST on Feb. 29, the group announced this month on its website.

Little information is available about the organization, which was founded in 2003 and “believes in information-sharing and proposes detailed analysis of cyberthreats and database-driven web applications,” according to its site.

During the flaw-acquisition process, Digital Armaments will make an offer for a zero-day vulnerability within five days of receiving the submission. The group will “eventually” notify the vulnerable product's vendor, and could release an advisory after the issue is patched, according to the group's website.

A Digital Armaments representative could not be reached for comment.

Digital Armaments is not the first organization to offer bounties for Windows security flaws. A year ago, VeriSign iDefense offered a total of $48,000 -- $8,000 apiece -- for the first six remotely exploitable flaws for Windows Vista and Internet Explorer 7.

Switzerland-based WabiSabiLabi launched an eBay-like marketplace last July designed to financially reward researchers while keeping sensitive information out of the hands of criminals.

Bill Sisk, Microsoft Security Response communications manager, said Tuesday that the Redmond, Wash.-based company will address any flaws that are disclosed during the contest, and encouraged researchers to follow common responsible disclosure practices. 

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.