Archive for May, 2007

iDefense offers zero-day bounty

Posted on May 18, 2007, under apache, general.

ooooh, iDefense are offering a bounty on zero-day exploitable flaws in Apache, sendmail, bind, openssh, iis and exchange. I’ve managed to contribute code in varying degrees to most of those, so what I want to know is “does it count if I add it?”.

The prize and length of time seems disproportionate with the challenge though, I don’t think it will be as hard as the ZD-net piece speculated to find zero-day flaws when sufficiently motivated. I do think it’ll easily degenerate into arguments about the nature of the flaws and their severity more than anything else, but still it’s a good thing to see.