Feeds

Secunia jumps on vuln reward bandwagon

First, catch your rabbit

Intelligent flash storage arrays

Secunia has launched yet another vulnerability rewards program, the Secunia Vulnerability Coordination Reward Program, which it says is designed to operate independently of particular software vendors.

The company says the idea is to make life easier for researchers, by concentrating vulnerability reporting to a single entity, rather than leaving them to deal with multiple vendors’ reporting procedures and rewards programs.

Vendor programs, the company says, have a “business model wrapped around them,” and therefore can be selective in which bugs win a bounty. The Secunia program will accept any vulnerability in off-the-shelf software.

In its blog post, Secunia’s Carsten Eiram says the “fun part” of research is in discovering a vulnerability or exploit, rather than in the “sometimes extensive coordination and liaison” with vendors.

Under this program, he says, Secunia will “both confirm vulnerability discoveries and handle the coordination process”.

The service could also fill a gap, the company says, for researchers who don’t wish to sell their vulnerabilities, or don’t want to constrain their research to those bugs that happen to fit “the requirements of existing initiatives”.

Rather than cash, Secunia’s rewards will include merchandise and two “major annual rewards” for hotel accommodation and entry to major security conferences.

The program’s criteria are that the vulnerability affects a stable product; it affects the latest version of the product; the product has active vendor support; the vulnerability is not already public; and Secunia can replicate the vulnerability. ®

Beginner's guide to SSL certificates

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.