August 29, 2010, 9:34 PM — Deutsche Post, the successor to the German federal postal service, will offer bounties for bugs researchers find in its E-Postbrief secure message service, the company announced this week.
The firm, which also operates the DHL overnight delivery service, will kick off a contest in October after it pre-approves research teams that apply for what it's calling the Deutsche Post Security Cup. Each team will be seeded with 3,000 ($3,800), but must use their own tools and agree to not touch any private data they come across during their work.
The teams must also keep quiet about any vulnerabilities they find until December, when Deutsche Post will award prizes and reveal the bugs it's patched.
Bounties of 6,000 ($6,400) and 1,000 ($1,300) will be paid for major and minor bugs, respectively, with a four-member jury classifying the reported vulnerabilities.
The jury includes Jennifer Granick, the civil liberties director of the Electronic Frontier Foundation (EFF) and Thorsten Holz, the co-founder of the German Honeynet Project, which places vulnerable systems on the Internet to collect malware.
Bug bounties and prizes gained momentum this summer after Mozilla and Google both hiked the rewards they pay to researchers who report vulnerabilities in Firefox and Chrome, respectively. Shortly after the bounty boosts, the long-running Zero Day Initiative (ZDI) bug payment program run by HP TippingPoint announced new rules, including a six-month deadline for patching reported problems.
More information about Deutsche Post's bug contest can be found on its Web site .
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .
Read more about security in Computerworld's Security Topic Center.
