$12,000 for a dangerous Vista or IE 7 bug

Bug hunters of the world, VeriSign’s iDefense has an updated bug bounty challenge for you.

For the current quarter, the company will pay $8,000 for a security vulnerability that lets an attacker remotely gain control over a computer running Microsoft’s Windows Vista or Internet Explorer 7, the company said on its Web site. iDefense will pay for a maximum of six vulnerabilities if more are reported only the first six will qualify, it said.

In addition to the $8,000 award for the submitted vulnerability, iDefense will pay between $2,000 and $4,000 for working exploit code that exploits the submitted vulnerability, the company said.

Internet Explorer 7 is the latest version of Microsoft’s widely used Web browser and Vista is the newest release of its operating system. Microsoft has promoted both as for its best work yet in terms of browser and operating system security.

The “quarterly hacking challenge” is part of iDefense’s existing bug bounty program. The company started the challenges last year. Previous ones focused on Microsoft software in general, databases, Web browsers and instant message applications. The typical bounty has always been $10,000.

…

[Cnet]