VeriSign iDefense offers $48,000 for Vista, Internet Explorer 7 vulnerabilities

Share this article:

VeriSign's iDefense Labs is offering a total of $48,000 in awards for remotely exploitable vulnerabilities in the new Windows Vista operating system and Internet Explorer 7.0.

The pot of cash is open to those willing to undertake iDefense Labs' first quarterly vulnerability challenge of 2007. The company explained that it will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute code on either of the two Microsoft products. It will award researchers for the first six vulnerabilities submitted that qualify.

In an announcement on the iDefense Labs website, the company said that the challenge is designed to ferret out early weaknesses in both Microsoft releases.

"It is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty," read the note. "Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products."

The challenge is open through Mar. 31. In addition to the awards, iDefense Labs said it will also pay a bonus of between $2,000 to $4,000 for code that exploits the submitted vulnerability.

Microsoft has long been a critic of programs, such as iDefense Labs' quarterly challenges, which pay researchers for vulnerabilities.

"Microsoft is aware of iDefense offering compensation for information regarding security vulnerabilities," a company spokesperson told today. "Microsoft does not offer compensation for information regarding security vulnerabilities and does not encourage that practice. Microsoft doesn't want to speculate on the motives of third-party researchers but will say that (it) is committed to working with them closely on the issues that they bring to our attention."

The spokesperson went on to say that the company "does not oppose programs that work through the established process for responsible disclosure and do not put customers at risk."

Click here to email West Coast Bureau Chief Ericka Chickowski.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.