Following the lead of Google and other software companies, Microsoft has announced a new program that will reward security researchers who help to identify and fix security vulnerabilities in Microsoft products, with rewards up to $150,000 (which includes a bonus for proactive defensive measures that will prevent similar future exploits).
For the past few years, Google has been rewarding those who find and report vulnerabilities in services such as Gmail and Google Wallet. This month they announced that the program has been a great success and consequently, they are increasing the cash award amounts.
Well, at the CANSECWEST security conference there is a contest underway. It involves a couple of Mac notebooks that are up for grabs if anyone can successfully exploit them. Now there seemed to be few takers, as evidenced by the lack of activity directed towards them. Things got a bit more interesting though when Tippingpoint ponied up a $10K bounty for a successful exploit against it. This still stuns me to be honest. Were I able to find and then exploit one of these Mac’s I would be darned if I would sell it for a measly $10K. Crap! Don’t people realize how much billable time goes into these bug hunts? These exploit developers are largely some very fine coders who command top dollar in the private sector. Why someone would then give up such a time intensive pursuit for what amounts to peanuts stuns me. Were Microsloth and the rest of them actually serious about security they would offer realistic amounts of money to these exploit developers. Yep, you’re right, $10K isn’t a realistic amount.
Technorati Tags: Mac book, CANSECWEST, Tippingpoint, Exploit development
Intrusion Detection Systems are used to detect malicious activity on your network. This Intrusion Detection Systems FAQ explains different types of network attacks and how to detect them.
