Woah. This zapped in like lightening.
iDefense is putting up the biggest bounty ever for individuals to detect critical holes in as many as six different major software systems that form the backbone of the Internet’s infrastructure. There are six bounties of $16’000 each for any remote hole detected in latest stable versions of the following applications: Apache, BIND, Sendmail, OpenSSH, IIS, MS Exchange.
The few security researchers referenced in the article express their doubt that there will be any submissions, stating that all of the six applications listed are really really difficult to have remote holes in them and that the amount offered is just not worth the time and expertise that would need to be expended on finding holes. I am pretty excited, nonetheless. Yes, the odds of anyone finding a critical remote bug in any of these is substantially low, and that each one of these applications has gone through a long history of major bug fixes and has matured over the years like no other application, they are still pieces of software and prone to bugs.