Saw this on bugtraq:
\- -
Digital Armaments May-June Hacking Challenge: VMware
Challenge Publication is 09.05.2007
http://www.digitalarmaments.com/challanges_open.html
I. Details
Digital Armaments officially announce the launch of May-June hacking challenge.
The challenge starts on May 1. For the May-June Challenge, Digital Armaments will give 5000 credits EXTRA plus 2500$ EXTRA for each submission that results in a VMware High Risk Vulnerability. This should include example and documentation.
The submission must be sent during the May/June months and be received by midnight EST on June 30, 2007. The 5000 credits plus the 2500$ will be an extra added to the normal vulnerability payment (check the DACP scheme).
II. References
For further information on Digital Armaments Contributor Program (DACP) please refer at:
http://www.digitalarmaments.com/contribute.html
Details of credits value can be found at:
http://www.digitalarmaments.com/contribute.html#credit
III. Legal Notices
Copyright © 2007 Digital Armaments Inc.
Redistribution of this alert electronically is allowed. It should not be edited in any way. Reprint the whole is allowed, partial reprint is not permitted. For any other request please email customerservice@digitalarmaments.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Interesting - we might see some security fixes in June/July
or maybe a bonus check?
seizing an idea ...
good god, I hope you too guys haven't got access to anything, my life is interesting enough :smileygrin:
How does running this contest differ from a security researcher being paid to find vulnerabilities? Digital Armaments is changing the pattern of a security researcher being compensated with a paycheck to paying for results from anyone. To me, the fact that the researcher and the company have a long term relationship makes a difference, but maybe I'm off base. I don't like this kind of contest, whether the target is VMware or a Mac Book Pro.
Martin Mckeay
Its all about economics. Whats the incentive for the truly inventive individuals who normally keep their mouth shut or don't pursue VMWare as a target? There is none, but give them an avenue to reward their out of box thinking and more people show up for the competition.
Its unfortunate, but thats often the way it works.
This is no different then the competitions they have for the same kind of thing at something like DefCon or BlackHat - just with a larger timeframe to work with.
Plus, a paid researcher has no additional incentive, he's paid to do it anyway. An independent person is receiving an additional reward on top of what they already normally get for compensation.