
Carsten Eiram discusses SVCRP

12:02 CET on the 2nd November 2011
Entry written by Carsten Eiram.

Over the past years, Secunia has steadily received more and more coordination requests from researchers asking Secunia to confirm their vulnerability discoveries and handle coordination. Initially, this was an unofficial service provided to a few people in the community, but as more and more researchers contacted Secunia, it grew into a semi-official service provided by Secunia to the community.

Today, Secunia takes this community effort one step further by launching the Secunia Vulnerability Coordination Reward Program (SVCRP).

The fun part of vulnerability research is the actual process of discovering and understanding the vulnerabilities as well as creating PoCs or exploits, not the sometimes extensive coordination and liaison process with the vendor that follows in order to get the vulnerabilities fixed. SVCRP offers to confirm researchers' vulnerability discoveries and handle the coordination process, allowing researchers to focus on the more exciting aspects of vulnerability research, and even rewards them for it.

Other major vulnerability coordination offerings exist, but most have a business model wrapped around them. SVCRP is designed to be a complementary service to these. Most other schemes pay researchers for their discoveries, and, while these offerings are excellent for researchers, the companies are, naturally, very selective in which vulnerabilities they wish to purchase and coordinate. This leaves a huge gap for researchers who either do not want to sell their vulnerabilities or discover vulnerabilities that do not fulfil the requirements of the existing initiatives, but who would still like an independent third party to confirm their discoveries and handle coordination.

Some of these researchers have in the past turned to Secunia for help on an informal basis, and we now want to encourage even more researchers to let us help coordinate their vulnerability discoveries by providing this reward incentive.

Rewards range from various SVCRP merchandise to, currently, two major annual rewards: free hotel accommodation and entry to an IT security conference chosen from a list of the most popular global IT security conferences. These two rewards are given to the researcher who has coordinated the most interesting vulnerability, as judged by Secunia Research, and to the researcher named "Most Valued Contributor" by Secunia Research.

It's important to stress that no customers receive advance notification about the vulnerabilities coordinated by Secunia - neither internal discoveries nor vulnerabilities coordinated via this reward incentive.

Everyone - customers as well as the community - receives the information at the same time when the Secunia advisory is published.

Tune in later for more information on this new initiative, improvements to the initiative, the awards, and the researchers being awarded. If you want to know more about SVCRP or would like Secunia to confirm and coordinate a vulnerability on your behalf, then please visit our SVCRP page.

Stay Secure,

Carsten Eiram
Chief Security Specialist

Read the official press release here.



