Friday, September 3, 2010

Deutsche Post Kicks Off Bug Bounty Contest

Via -

Deutsche Post, the successor to the German federal postal service, will offer bounties for bugs researchers find in its E-Postbrief secure message service, the company announced this week.

The firm, which also operates the DHL overnight delivery service, will kick off a contest in October after it pre-approves research teams that apply for what it's calling the Deutsche Post Security Cup. Each team will be seeded with EUR 3,000 (~ $3,800 USD) but must use their own tools and agree to not touch any private data they come across during their work.

The teams must also keep quiet about any vulnerabilities they find until December, when Deutsche Post will award prizes and reveal the bugs it's patched.

Bounties of EUR 6,000 (~ $6,400 USD) and EUR 1,000 (~ $1,300 USD) will be paid for major and minor bugs, respectively, with a four-member jury classifying the reported vulnerabilities.

The jury includes Jennifer Granick, the civil liberties director of the Electronic Frontier Foundation (EFF) and Thorsten Holz, the co-founder of the German Honeynet Project, which places vulnerable systems on the Internet to collect malware.


More information about Deutsche Post's bug contest can be found on its Web site.

No comments:

Post a Comment