VeriSign iDefense offers $48,000 for Vista, Internet Explorer 7 vulnerabilities

VeriSign's iDefense Labs has put a $48,000 bounty on remotely exploitable vulnerabilities in the new Windows Vista operating system and Internet Explorer 7.0. The pot of cash is open to those willing to undertake iDefense Labs' first quarterly vulnerability challenge of 2007. The company explained that it will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute code on either of the two Microsoft products.

In an announcement on the iDefense Labs website, the company said that the challenge is designed to ferret out early weaknesses in both Microsoft releases.

"It is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty," read the note. "Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products."

The challenge is open through Mar. 31 and awards will be given for the first six vulnerabilities that qualify. In addition to the awards, iDefense Labs said it will also pay a bonus of between $2,000 to $4,000 for code that exploits the submitted vulnerability.

Microsoft has long been a critic of programs, such as iDefense Labs' quarterly challenges, which pay researchers for vulnerabilities.