Bug hunters could turn in to bounty hunters with the release of Vista coming up, as VeriSign extends their pay-for-flaws program that promises $8,000 for exploits
. For certain types of exploits, found in either Vista or Internet Explorer 7, the company is offering cash for disclosure. Likely this is a stepped up response to the increasing reports of underground sites selling zero-day exploits. With the release of a new OS and its impending rollout onto many machines, it's likely that many vulnerabilities could be dormant and this gives some who might choose to exploit a chance to benefit themselves and the community instead. For those enterprising researchers and hackers, it also gives them a chance to get a return on their skills:
The rules are straightforward: iDefense will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of the two Microsoft products.
Only the first submission for a given vulnerability will qualify for the payout, and iDefense will award no more than six payments of $8,000.
The rules only apply to official versions, not release candidates or betas. Microsoft frowns upon this activity, but given their history of long delays between patch cycles and slow responses to critical flaws, one can hardly blame a third party looking for aggressive ways to fight those who would seek to damage their systems.