11:20 CET, 16th August 2013 By Kasper Lindgaard, Head of Research.
In November 2011, Secunia launched the Secunia Vulnerability Coordination Reward Program (SVCRP).
The rationale behind the program was explained like this on the launch day, in the blog post announcing it:
"Over the past years, Secunia has steadily received more and more coordination requests from researchers asking Secunia to confirm their vulnerability discoveries and handle coordination. Initially, this was an unofficial service provided to few people in the community, but as more and more researchers contacted Secunia, it grew into a semi-official service provided by Secunia to the community.
Today, Secunia takes this community effort one step further by launching the Secunia Vulnerability Coordination Reward Program (SVCRP).
The fun part of vulnerability research is the actual process of discovering and understanding the vulnerabilities as well as creating PoCs or exploits; and not the sometimes extensive coordination and liaison process that follows with the vendor in order to fix the vulnerabilities. SVCRP offers researchers to confirm their vulnerability discoveries and handle the coordination process, allowing the researchers to focus on the more exciting aspects of vulnerability research and even reward them for it."
Since the launch, the SVCRP has become a success, when we look at activity levels.
We believe the program has played an important role in the vulnerability coordination eco-system. It has been a privilege to help many promising researchers and a pleasure to engage in exchanges with all of them.
Our decision to discontinue the program after all, is because Secunia, as a commercial organization, must assess our initiatives continuously.
The decision to end the SVCRP is based on the conclusion that the amount of time and effort we put into the program, outweighs the benefits to our own organization. This discrepancy unfortunately means that we cannot warrant the continued investment into maintaining the SVCRP.
We will from today no longer accept any new submissions to SVCRP, but will of course handle and process all submissions received prior to today.
We would to thank everyone who has contributed to the Secunia Vulnerability Coordination Reward Program these past 2 years.
If you have any questions or comments, you are very welcome to contact us
Head of Research