February 16, 2006 3:19 PM PST

$10k bounty on 'critical' Microsoft flaws

by Joris Evers

Bug hunters of the world, iDefense has another opportunity for you to cash in.

The company, part of VeriSign, has expanded its existing bug bounty program with a new "quarterly hacking challenge."

For the current quarter, iDefense will pay $10,000 for each vulnerability submission that results in the publication of a Microsoft Security Bulletin with a severity rating of critical, it said in an e-mail to a popular security mailing list on Tuesday.

In order to qualify, the vulnerability must be submitted to iDefense by midnight Eastern Time on March 31. The awards will be paid out following the publication of the Microsoft Security Bulletin. The award will be in addition to iDefense's standard bug bounty, the company said.

Microsoft doesn't agree with paying for vulnerability details, a representative said Friday. "Microsoft works closely with many security research and security software companies and does not believe that offering compensation for vulnerability information is the best way they can help protect their customers," the representative said in an e-mailed statement.

A few companies offer rewards for pinpointing software vulnerabilities. These are mostly security companies that pay for flaws found in other companies' software products. The payouts are used to gain a competitive edge over rivals by having their security products recognize more vulnerabilities.

The focus of the hacking challenge will change on a quarterly basis, Michael Sutton, director of iDefense Labs, said in an e-mail interview Thursday. "We want to encourage our contributors to target their research in areas that are of interest to our clients," he said. "Our clients have let us know that critical Microsoft vulnerabilities are of great importance to them."

iDefense customers receive advance notification of vulnerability reports along with appropriate workarounds in lieu of vendor patches, Sutton said.

All security flaws reported to iDefense are subsequently reported to the affected vendors. iDefense works with those software makers to understand the issue so a fix can be produced, Sutton said. Last year iDefense worked on the disclosure of 150 vulnerabilities, he said.
