[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Monday, 25 July 2005, 11:18 GMT 12:18 UK
Bug hunters get big cash rewards
No sale notice on cash till, Eyewire
Tipping Point will make an offer to buy the bugs
Hackers who seek out loopholes in popular programs could soon get cash rewards for their finds.

Security firm Tipping Point is setting up a scheme that will see it spend substantial sums to buy bugs sent in by researchers that join the project.

Those who top the scheme's rewards system could be earning $50,000 a year from their bug hunting.

Although Tipping Point is collecting the bugs, it said it would share finds with other security firms.

Points and prizes

Many small security companies make their living by exhaustively analysing popular programs, such as Microsoft Windows, for loopholes and bugs.

If these bugs go unpatched they could leave the users of these programs vulnerable to exploitation by criminal hackers. Firms regularly issue patches for critical vulnerabilities that leave customers at risk.

Tipping Point's Zero Day Initiative capitalises on the large number of security researchers trying out exploits on software and aims to pay them for their work.

Once the scheme is up and running, security researchers will be able to submit the bugs they find to Tipping Point and, if the loophole is found to be real and serious, get a cash offer for what they have found within a week.

Researchers get rewarded with points for every dollar Tipping Point spends to buy the bug. These points also mean members get further rewards and benefits including cash bonuses and free tickets and travel to key industry conferences.

Firefox logo, Mozilla
Mozilla also gives cash and a t-shirt to bug finders
Only legitimate security researchers are eligible to join the scheme.

The Zero Day Initiative was announced on 25 July and will be formally launched at the Black Hat briefings due to take place in Las Vegas from 27-28 July. The Zero Day Initiative website is due to start taking registrations from 15 August.

Tipping Point is not the first security firm to offer financial rewards in return for bugs.

iDefense has run its Vulnerability Contributor Program for some time though it offers smaller cash rewards for the bugs that are turned in to it.

Also open-source browser-maker Mozilla gives $500 and a T-shirt to those that find critical bugs in the software it makes.

UK firms get fresh hacker warning
16 Jun 05 |  Technology
Microsoft warns of critical flaws
15 Jun 05 |  Technology
Firefox's flaws fixed in upgrade
12 May 05 |  Technology
Key hacker magazine faces closure
09 Jul 05 |  Technology
Biggest security holes revealed
05 May 05 |  Technology

The BBC is not responsible for the content of external internet sites


News Front Page | Africa | Americas | Asia-Pacific | Europe | Middle East | South Asia
UK | Business | Entertainment | Science/Nature | Technology | Health
Have Your Say | In Pictures | Week at a Glance | Country Profiles | In Depth | Programmes
Americas Africa Europe Middle East South Asia Asia Pacific