NSS Labs offers cash rewards for exploits
NSS Labs' ExploitHub marketplace is offering a total of $4,400 in reward money for programmers who can write functional exploits for twelve individual vulnerabilities. Ten of the vulnerabilities are in Microsoft's Internet Explorer, while the other two are in Adobe's Flash Player. Founded in 1991, NSS Labs is a leading security research organisation that specialises in penetration-testing and vulnerability consulting; its ExploitHub marketplace allows customers to request exploits for vulnerabilities in return for a bounty. The aim of the program is to accelerate the development of testing tools, and to "help researchers do well by doing good".
The vulnerabilities in question, although already patched, are all considered high-value and have been identified by NSS Labs as vulnerabilities that affect "typical enterprise networks". All entries must be client-side remote exploits, and must not use existing exploit toolkits or applications such as Metasploit. According to Rick Moy, CEO of NSS Labs, "Client-side exploits are the weapons of choice for modern attacks, including spear phishing and so-called APTs. Security professionals need to catch up".
There is no time limit on entering a winning exploit; the first person who submits a working exploit receives the bounty. ExploitHub also allows authors of exploits to retain the rights to their code for future sales. Interested programmers can view the complete list of twelve requested vulnerabilities.