Feeds

Secunia jumps on vuln reward bandwagon

First, catch your rabbit

Choosing a cloud hosting partner with confidence

Secunia has launched yet another vulnerability rewards program, the Secunia Vulnerability Coordination Reward Program, which it says is designed to operate independently of particular software vendors.

The company says the idea is to make life easier for researchers, by concentrating vulnerability reporting to a single entity, rather than leaving them to deal with multiple vendors’ reporting procedures and rewards programs.

Vendor programs, the company says, have a “business model wrapped around them,” and therefore can be selective in which bugs win a bounty. The Secunia program will accept any vulnerability in off-the-shelf software.

In its blog post, Secunia’s Carsten Eiram says the “fun part” of research is in discovering a vulnerability or exploit, rather than in the “sometimes extensive coordination and liaison” with vendors.

Under this program, he says, Secunia will “both confirm vulnerability discoveries and handle the coordination process”.

The service could also fill a gap, the company says, for researchers who don’t wish to sell their vulnerabilities, or don’t want to constrain their research to those bugs that happen to fit “the requirements of existing initiatives”.

Rather than cash, Secunia’s rewards will include merchandise and two “major annual rewards” for hotel accommodation and entry to major security conferences.

The program’s criteria are that the vulnerability affects a stable product; it affects the latest version of the product; the product has active vendor support; the vulnerability is not already public; and Secunia can replicate the vulnerability. ®

Remote control for virtualized desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.