http://blog.osvdb.org/2013/10/28/were-offering-a-bounty-of-sorts/

[Since this bounty is coming out of Jericho’s pocket, it would be great if some readers could help out with some $$$ assistance! – WK]

By jerichoattrition
October 28, 2013

In our pursuit of a more complete historical record of vulnerabilities, we’re offering a bounty! We don’t want your 0-day really. OK sure we do, but we know you are stingy with that, so we’ll settle on your ~ 12,775 day exploits!

First, the bounty. This is coming out of my pocket since it is legacy and doesn’t immediately benefit people using us as a vulnerability feed. As such, this isn’t going to be a profit center for you. In addition to the personal satisfaction of helping preserve history, shout outs on this blog and multiple Twitter feeds, I will send you something. Want a gift card for Amazon? Something else I have that you want? I’ll make my best effort to make it reasonably worth your while. I know it isn’t a cool $1,337 Google style unfortunately, but I will try!

Now, what am I after. Not “a” vulnerability, but any of several lists of vulnerabilities from decades ago. These were maintained in the 1980’s most likely, one of which was internal at the time. I am hoping that given the time that has passed, and that the vulnerabilities have long since been patched and most products EOL’d, they can be disclosed.

If you don’t have a copy but know someone might, send me a virtual introduction please! Any lead that results in me getting my hands on a list will be rewarded in some fashion as well. If you have a copy but it is buried in a box in the garage, let me know. I will see about traveling to help you dig through junk to find it. Seriously, that is how bad I want these historic lists!

The targets:

* The Unix Known Problem List (this was not one of the vendor-specific lists, but those may be groovy)
* UC Santa Cruz hack method list
* Mt. Xinu bug list (later than 4.2 or with more details than this copy)
* Matt Bishop’s UNIX Hole List
* Sun Microsystems Bug-List (internal at the time no doubt)
* ISIS mail list archive (one run by Andrew Burt in the 80’s)
* Bjorn Satedevas’ systems administration mailing list archive
* The “inner” Zardoz mail list archive (split from the main one, fewer members)

Bonus bounty: Any public-referenced vulnerability before 1980 that we do not have in the database. I know there has to be more out there, help us find them!

That’s it! Pretty simple, but may require some digging mentally or physically.