The Internet Bug Bounty program, a supportive effort among security experts and companies, recently paid its very first $10,000 bounty for a serious Flash vulnerability. The flaw, which Adobe patched in December, was a serious one that had been used in spear phishing attacks.
The Bug Bounty system, which started last November, is a program put in place by security researchers and supported by Microsoft and Facebook to reward experts who disclose bugs properly. Both Microsoft and Facebook also have their own bounty programs that cover their own products.
The Internet Bug Bounty program is designed to cover core Internet technologies, including DNS and SSL, in addition to widely deployed software such as Flash, Java, Google Chrome and Internet Explorer.
The group has been making some smaller payouts; however, this is the first five-figure payout from the group, which is understandable given the impact this vulnerability could have had.
David Rude, the iDefense Labs researcher who was given the bounty, didn't report the bug straight to the IBB, but to Adobe. He also did not discover it himself; he found attackers using the exploit, but was still paid the full amount.