Bounty payments on Vista and IE7 vulnerabilities
Security services provider iDefense is offering a reward of 8,000 dollars for vulnerabilities in Windows Vista or Internet Explorer 7 that can be exploited via the internet. There is an additional award of up to 4,000 dollars for functioning demo code. This is significantly less than the price currently being offered for such exploits in underground auctions - Trend Micro recently reported that Vista exploits were going under the hammer for up to 50,000 US dollars.
On the other hand, you do get to keep a clear conscience and save yourself a possible visit from the long arm of the law. iDefense always informs the relevant manufacturer of any vulnerabilities first and only publishes them once the manufacturer has released a patch. During the intervening period only their customers are provided with preventive protection. Nevertheless, with this bounty one could accuse the enterprising white hats of lending respectability to the bartering of information on security vulnerabilities. Demanding money for such information used to be taboo. iDefense smashed this taboo and has been paying awards for exclusive information on security vulnerabilities for more than four years. Since 2005 competition from 3Com/TippingPoint's Zero Day Initiative (ZDI) has stirred up the market and also led to a swift rise in prices.