Packetstorm opens bug bounty programme with $7,000 top reward

16 Jan 2013


Packetstorm has joined the exploit hunting race by offering avid hackers rewards of up to $7,000 for working exploits in its newly announced Bug Bounty programme.

The programme was announced on Wednesday and offers willing computer wizards the chance to earn money finding bugs.

"Bug bounty programmes are nothing new. We have seen various initiatives started in the community and have had a lot of discussion internally regarding whether or not such a programme causes a positive impact," Packetstorm said.

The current bounty list features a number of different targets, ranging from a bottom-end $350 for a Microsoft .NET Framework Remote Code Execution to a massive $7,000 for an Adobe Reader / Acrobat Code Execution.

"Different issues and different levels of exploit offer different levels of compensation. Typical payout for a working exploit ranges from $1,000 to $7,000. If you have a zero-day that you believe is worth a lot more, there is the opportunity for larger payouts, but that requires a different discussion. Nothing is off the table," wrote Packetstorm.

Bug hunting programmes have become a heated topic in recent years, with numerous companies, including Google, instigating bounty programmes to help improve their products' security.

However, the Packetstorm programme is different in that it aims to help improve cyber security as a whole using a full disclosure policy. The policy will see all exploits made public for anyone to download and use 60 days after submission.

"Other companies that buy exploits for their penetration testing war chest rarely share them with the public and once bought, require that the author does not share them. We are going the other direction on this idea. If the author of the exploit permits it, we will release them publicly after 60 days for everyone to download," Packetstorm added.

"It helps the greater good and is in line with our initiative to provide security engineers the ability to test their systems for recently patched vulnerabilities."

The security community has yet to respond to Packetstorm's new programme, though it could well be met with a similarly split reaction. Good idea or a misguided attempt to help? Let us know your thoughts.
