That's quite a price tag...

Jan 17, 2008 12:41 GMT

There are always leftovers and crumbs from the Windows feast. And one nasty crumb of the Windows operating system can go as high as $20,000. This is the price that a security research company is willing to cough up for a single zero-day vulnerability in Windows. Digital Armaments has failed to specify the Windows version for which vulnerabilities will be accepted in its Hackers Open Challenge, so the fair conclusion would be that any Windows iteration is up for the taking. Otherwise, the information provided is scarce, to say the least.

"Digital Armaments January-February Hacking Challenge: Special 20.000$ Prize - Windows Vulnerabilities and Exploit," reads the title of the Hackers Challenge. "Digital Armaments officially announce the launch of January-February hacking challenge. The challenge starts on January 1. For the January-February Challenge, Digital Armaments will give a SPECIAL PRIZE of 20.000$ for each submission that results in an Exploitable Vulnerability or Working Exploit for Windows or Windows Diffuse Application. This should include example and documentation," the announcement adds.

This is not the first initiative set up to offer security researchers money in exchange for information about software vulnerabilities. And while trade in software security flaws is common practice on the black market, such models have failed to transition into the mainstream. Contributing to this is the constant refusal of software companies to become involved in any sort of vulnerability bazaar.

Instead, many software developers, Microsoft included, advocate what they refer to as the responsible disclosure of vulnerabilities, meaning that the security researcher is expected to hand over a security vulnerability to the software company for free and to receive nothing but credit for it. In the past, Roger Halbheer, Chief Security Advisor Microsoft EMEA, criticized initiatives such as WabiSabiLabi, a veritable vulnerability auctioning website, as unethical, but stopped short of calling them criminal.