That's right, a sum of $10,000 to someone who demonstrates a previously unknown flaw in Windows to iDefense by March 31st. So long as the flaw is serious enough to earn a “critical” rating from Microsoft, it qualifies, and more than one person can step up to the challenge and win.
Michael Sutton, director of iDefense Labs, said the company opted to focus the hacking challenge on Microsoft because most of its clients "are heavy Microsoft shops and we wanted to target this initiative to align with their interests." iDefense will change the focus of the challenge with each quarter, Sutton said -- the next challenge may focus on another vendor, or it may just center on a particular class of vulnerabilities. So far, Sutton said, the company has received a number of inquiries from researchers since it launched the program on Tuesday.
A strange way to do bug testing, and quite expensive should a few people strike exploit territory. The full $10,000 isn't automatic: the “value” of the exploit determines the pay rate. What exactly constitutes an exploit is up in the air, as we all know that many are found each year that require patching, though some are due to external influences such as viruses. A bold way to probe security, for sure. This may just be a PR stunt, but the company is taking itself very seriously.