hicksj
Virtuoso
Virtuoso

Digital Armaments May-June Hacking Challenge: VMware

Saw this on bugtraq:

\- -

Digital Armaments May-June Hacking Challenge: VMware

Challenge Publication is 09.05.2007

http://www.digitalarmaments.com/challanges_open.html

I. Details

Digital Armaments officially announce the launch of May-June hacking challenge.

The challenge starts on May 1. For the May-June Challenge, Digital Armaments will give 5000 credits EXTRA plus 2500$ EXTRA for each submission that results in a VMware High Risk Vulnerability. This should include example and documentation.

The submission must be sent during the May/June months and be received by midnight EST on June 30, 2007. The 5000 credits plus the 2500$ will be an extra added to the normal vulnerability payment (check the DACP scheme).

II. References

For further information on Digital Armaments Contributor Program (DACP) please refer at:

http://www.digitalarmaments.com/contribute.html

Details of credits value can be found at:

http://www.digitalarmaments.com/contribute.html#credit

III. Legal Notices

Copyright © 2007 Digital Armaments Inc.

Redistribution of this alert electronically is allowed. It should not be edited in any way. Reprint the whole is allowed, partial reprint is not permitted. For any other request please email customerservice@digitalarmaments.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

0 Kudos
6 Replies
oreeh
Immortal
Immortal

Interesting - we might see some security fixes in June/July Smiley Wink

0 Kudos
hicksj
Virtuoso
Virtuoso

or maybe a bonus check? Smiley Wink

0 Kudos
oreeh
Immortal
Immortal

seizing an idea ...

0 Kudos
TomHowarth
Leadership
Leadership

good god, I hope you too guys haven't got access to anything, my life is interesting enough :smileygrin:

Tom Howarth VCP / VCAP / vExpert
VMware Communities User Moderator
Blog: http://www.planetvm.net
Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410
0 Kudos
McKeay
Contributor
Contributor

How does running this contest differ from a security researcher being paid to find vulnerabilities? Digital Armaments is changing the pattern of a security researcher being compensated with a paycheck to paying for results from anyone. To me, the fact that the researcher and the company have a long term relationship makes a difference, but maybe I'm off base. I don't like this kind of contest, whether the target is VMware or a Mac Book Pro.

Martin Mckeay

http://www.cobiablog.com

0 Kudos
FredPeterson
Expert
Expert

Its all about economics. Whats the incentive for the truly inventive individuals who normally keep their mouth shut or don't pursue VMWare as a target? There is none, but give them an avenue to reward their out of box thinking and more people show up for the competition.

Its unfortunate, but thats often the way it works.

This is no different then the competitions they have for the same kind of thing at something like DefCon or BlackHat - just with a larger timeframe to work with.

Plus, a paid researcher has no additional incentive, he's paid to do it anyway. An independent person is receiving an additional reward on top of what they already normally get for compensation.

0 Kudos