Less than a month after Trend Micro discovered Vista flaws being sold off for $50,000 in the underground market by hackers, VeriSign’s iDefense Labs has placed an $8,000 bounty on remote code execution holes in Windows Vista and Internet Explorer 7.
This is part of its three-year old Vulnerability Contributor Program which compensates individuals who provide iDefense with advance notification of unpublished vulnerabilities and/or exploit code.
3Com’s Zero Day Initiative is a similar program.
The first submission on any vulnerability of the above two products wins $8000 to a max of six payments. The vulnerability “must be remotely exploitable and must allow arbitrary code execution in a default installation of Vista or IE 7.0. It [must] also exist in the latest version of the two products, with all available patches/upgrades applied.”
These reward programs weren’t been well received by Microsoft. Again what remains to be seen is how the information received by iDefence and 3Com are actually going to be used.
If they responsibly alert the appropriate vendors, in this case Microsoft, then there shouldn’t be an issue as a patch can be released even before the exploits begin.
Via: eWeek
Liked this article? Subscribe to site feed
, subscribe via email or add to your Technorati favs to receive regular updates..
Post Details
- Post Date :
- Thursday, Jan 11th, 2007 at 8:20 am
- Category :
- Operating Systems and Security and Tech News and Windows
- Tags :
- internet explorer 7, Security, Windows, Windows Vista
- Do More :
- You can leave a response or a trackback from your own site.
Related Posts
Some posts related to the post you have just read:
Recent Posts
Previous and Next
Latest Five
Leave a Reply