iDefense Labs is offering more than US$50,000 to researchers who submit serious flaws in Windows Vista and Internet Explorer 7, as part of a challenge designed to beef up the company's security products.
iDefense, part of VeriSign, is offering US$8,000 for the first six serious vulnerabilities, as well as a bonus of US$2,000 to US$4,000 for working exploit code. The offer applies to bugs that are remotely exploitable in a default installation of Vista or IE 7 with all patches applied, the company said.
While the numbers might seem significant, they pale in comparison to black-market prices -- Trend Micro last month discovered that Vista exploits were being offered for sale on underground sites for US$50,000 each.
The offer runs through March 31 and is one of a series of quarterly "hacking challenges" intended to lure researchers to iDefense's Vulnerability Contributor Program (VCP). Such programs, including TippingPoint's Zero Day Initiative, typically give security companies exclusive control over disclosure and allow them to improve their own security software.
"Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty," iDefense said in a statement. The company said it hopes to "help assuage this uncertainty".
Microsoft, on the other hand, said it doesn't necessarily appreciate iDefense's efforts.
"Microsoft does not offer compensation for information regarding security vulnerabilities and does not encourage that practice," the company stated.