15:13 CET on the 14th November 2011 Entry written by Secunia.
The article ‘So You Want To Be A Zero Day Exploit Millionaire?’ by Mathew J. Schwartz asks the question: “Have you discovered a killer zero-day vulnerability in a widely used product? Can the bug be ‘weaponized,’ or actively exploited?”
Schwartz then discusses the various programs on the market that reward “bug hunters” and debates other ‘options’ such as defence contractors and the black market.
Secunia's independent vulnerability reward program, SVCRP, is presented as a new alternative for researchers.
“For security researchers with knowledge of a bug that's not worth much, or for researchers who question the ethics of selling any bug information, there are alternatives. Last week, for example, vulnerability information service Secunia launched its Secunia Vulnerability Coordination Reward Program, which formalizes what Secunia says it's been doing informally for some time: It acts as a go-between for security researchers that have discovered a vulnerability in a product, and the vendor of that product.”
Thomas Kristensen, Secunia CSO, also provides commentary to Schwartz about the SVCRP and its policy.
To read the article in full, visit InformationWeek here.