Have You Got the Winning Bug?
iDefense contest offers up to $12,000 for security bug plus exploit code
November 1, 2007
Email is the target this time: iDefense this week issued its latest quarterly vulnerability challenge to hackers, and it's looking for new remote code execution bugs in specific email clients and servers.
The contest focuses on the most popular email packages, including Microsoft Outlook, Mozilla Thunderbird, Microsoft Outlook Express, Sendmail SMTP daemon, and Microsoft Exchange Server.
iDefense's previous zero-day bug-hunting contest gave out awards for bugs in core Internet and intranet applications. (See iDefense Offers Bucks for New Bugs.) The email bug challenge offers between $8,000 and $12,000: the winning submission gets $8,000, plus another $1,000 to $4,000 for proof-of-concept exploit code, depending on the reliability and quality of the POC.
Critics say bug contests are more of a marketing ploy and don't always yield quality research, but iDefense contends that it practices responsible disclosure and alerts both the affected vendor and its customers simultaneously to a new zero-day.
The vulnerability must be for the latest (and fully patched) version of the designated email products, must be remotely exploitable, and must execute code on the targeted email client or server. Social engineering is prohibited: "In the context of this challenge only, exploitation includes the act of exploiting an e-mail client by opening the e-mail message with the default handler," according to iDefense's rules.
The bugs have to be original and not disclosed anywhere previously, and can't use or be caused by any third-party software on the target email client or server. The deadline is before midnight EST on December 31.
— Kelly Jackson Higgins, Senior Editor, Dark Reading