Well, at the CANSECWEST security conference there is a contest underway. It involves a couple of Mac notebooks that are up for grabs if anyone can successfully exploit them. Now there seemed to be few takers, as evidenced by the lack of activity directed towards them. Things got a bit more interesting though when Tippingpoint ponied up a $10K bounty for a successful exploit against it. This still stuns me to be honest. Were I able to find and then exploit one of these Mac’s I would be darned if I would sell it for a measly $10K. Crap! Don’t people realize how much billable time goes into these bug hunts? These exploit developers are largely some very fine coders who command top dollar in the private sector. Why someone would then give up such a time intensive pursuit for what amounts to peanuts stuns me. Were Microsloth and the rest of them actually serious about security they would offer realistic amounts of money to these exploit developers. Yep, you’re right, $10K isn’t a realistic amount.