$ 12,000 for a vulnerability in Vista or IE7

It is the award that security firm iDefense (of VeriSign) will give to those who discover a serious vulnerability in Vista or Internet Explorer (IE) 7.

Specifically, in the first quarter of the new year, iDefense will pay $ 8,000 for a security vulnerability that allows remote attackers to take control of all computers running Microsoft Windows Vista or IE7. In addition to this amount, iDefense will pay an additional $ 2,000-4,000 for the exploit code to attack this vulnerability.

iDefense will award up to six most serious vulnerabilities and be sent as soon as possible. In case there are many reports of vulnerabilities sent, there are still only 6 selected vulnerabilities according to this criterion.

" Quarterly hack challenge " is part of the iDefense vulnerability program launched last year. In the first phase, the program mainly focused on vulnerabilities in Microsoft software, databases, Web browsers and IM applications. The average previous award is $ 10,000.

Several major security firms now often award prizes to those who discover vulnerabilities in software applications, mostly from other vendors. This move aims to increase the prestige of its products against competitors because of its ability to identify more holes. Security firms often report vulnerabilities to software developers to fix bugs.

People who discover vulnerabilities can also sell information to hackers or the underworld to make money.

Meanwhile, Microsoft does not agree with the type of payment for vulnerability information, but instead it cooperates with other security research companies.