$12,000 for a serious Vista or IE 7 bug

Bug hunters of the world, VeriSign's iDefense has an updated for you.

For the current quarter, the company will pay $8,000 for a security vulnerability that lets an attacker remotely gain control over a computer running Microsoft's Windows Vista or Internet Explorer 7, the company said on its Web site. iDefense will pay for a maximum of six vulnerabilities, if more are reported only the first six will qualify, it said.

In addition to the $8,000 award for the submitted vulnerability, iDefense will pay between $2,000 and $4,000 for working exploit code that exploits the submitted vulnerability, the company said.

Internet Explorer 7 is the latest version of Microsoft's widely used Web browser and Vista is the newest release of its operating system. Microsoft has promoted both as its best work yet in terms of browser and operating system security.

The "quarterly hacking challenge" is part of iDefense's . The company started the challenges last year. Previous ones focused on Microsoft software in general, databases, Web browsers and instant message applications. The typical bounty has always been $10,000.

A few companies offer monetary rewards for pinpointing software vulnerabilities. These are mostly security companies that pay for flaws found in other companies' software products. The payouts are used to gain a competitive edge over rivals by having their security products recognize more vulnerabilities. The security companies typically report the issues to the applicable vendors so a patch can be produced.

Flaw finders could also sell vulnerability information to cybercrooks on underground online markets.

Microsoft doesn't agree with paying for vulnerability details, the company has said. Instead, the company works with security research and security software companies.

Close
Drag