This post originated from an RSS feed registered with .NET Buzz
by Jeff Key.
Original Post: Microsoft creates bounty fund. Who's bounty-worthy?
Thurrott reports that Microsoft has now committed US$5 million as “bounty” money for cyberattackers. I'm very interested to see where they draw the line. What is considered malicious enough to warrant a bounty? If I remember correctly, the Wisconsin kid's worm attacked at most several thousand computers. If one of his buddies turned him in, would said buddy get a reward? What about intent? Which would be “worth” more:
- A trojan that was designed to erase hard drives, but only made it to (and erased) 100 machines
- A virus that tried to replicate itself as much as possible, getting on hundreds of thousands (or millions) of machines, but not doing any tangible damage
The devil's in the details, I guess. I'm sure we'll find out soon enough.