iDefense, which made waves in the security world by introducing its vulnerability research program, has started a new game for researchers: finding remotely exploitable flaws in critical Internet applications. The game is open for the second and third quarters of this year, giving researchers ample time to find a vulnerability.
The following applications are set for the challenge:
* Apache httpd
* Berkeley Internet Name Domain (BIND) daemon
* Sendmail SMTP daemon
* OpenSSH sshd
* Microsoft Internet Information (IIS) Server
* Microsoft Exchange Server
A vulnerability in any of the above applications will be rewarded with $16,000, and there is an additional $2,000 to $8,000 for PoC exploit code submitted for it, based on factors such as reliability and quality.
Now that most buffer overflows, which were fairly easy to exploit compared to other methods, are disappearing, it is difficult to find a new vulnerability, and writing a successful exploit is an even bigger challenge. There is a need to invent new exploitation techniques, and this challenge may give rise to one or more such methods.
Though one can earn more money by selling vulnerabilities on the black market, iDefense provides a much better platform for responsible disclosure. Moreover, it's not just about the money but also the fame…!
– Nagareshwar Talekar