Archive for May, 2007
iDefense offers zero-day bounty
ooooh, iDefense are offering a bounty on zero-day exploitable flaws in Apache, sendmail, bind, openssh, iis and exchange. I’ve managed to contribute code in varying degrees to most of those, so what I want to know is “does it count if I add it?”.
The prize and length of time seems disproportionate with the challenge though, I don’t think it will be as hard as the ZD-net piece speculated to find zero-day flaws when sufficiently motivated. I do think it’ll easily degenerate into arguments about the nature of the flaws and their severity more than anything else, but still it’s a good thing to see.