VeriSign's iDefense unit is offering an $8,000 bounty to researchers who discover previously undocumented vulnerabilities in either Windows Vista or IE7.
The flaws need to be serious enough to allow the remote execution of malware on up-to-date installations of the targeted platforms. Bugs that only crash systems, require social engineering tricks, have been previously disclosed or rely on interactions between Microsoft's software and third-party products won't qualify for payment.
But for researchers who submit their zero-day vulnerabilities alongside working exploit code additional payments of up to $4,000 are on offer via iDefense's controversial Vulnerability Contributor Program. Submissions need to be made before the end of March to qualify. Only the first six correct entries will qualify for the loot.
VeriSign said the rewards on offer through the program will help "assuage uncertainty" about Redmond's software. The scheme also likely to boost the division's profile in the crowded IT security biz, arguably its main motive for staging the competition.
More details about iDefense's vulnerability challenge can be found here. ®