We no longer accept any new submissions to SVCRP, but will of course handle and process all submissions received prior to today.
Read the blog post from Secuniaís Head of Research here
If you have any questions or comments, you are very welcome to contact us.
SVCRP (Secunia Vulnerability Coordination Reward Program) is a reward incentive offered by Secunia to researchers, who have discovered a vulnerability and would like a third party to confirm their findings and handle the coordination process with the vendor on their behalf.
All classes of vulnerabilities in most products are applicable for SVCRP as long as the following basic criteria are met:
Minor rewards will be continuously awarded to researchers coordinating their discoveries through Secunia based on their individual performance. The two major rewards are currently awarded annually (the first one in January 2012!).
Most Valued Contributor:
This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been consistently coordinating correct, clearly detailed vulnerability reports that have been quick and easy to confirm.
Most Interesting Coordination Report:
This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been coordinating the most interesting vulnerability (criteria considered are e.g. complexity, impact, affected product, level of detail in provided vulnerability report).
The current list of qualifying conferences are:
The coordination process will follow the same disclosure policy as followed by the Secunia Research team when coordinating internally discovered vulnerabilities.
If you would like to report a vulnerability to Secunia via SVCRP then please send a vulnerability report prefixed with "[SVCRP]" in the subject to firstname.lastname@example.org. The report should contain details on the affected product/version and PoC or detailed steps to trigger the vulnerability to ensure that Secunia Research can reproduce your findings.
If you prefer to send an encrypted vulnerability report then please find our PGP key here.
|Huawei Multiple Products NTP Brute Force Weakness and Multiple Buffer Overflow Vulnerabilities|
|OpenVZ update for kernel|
|Gentoo update for openssl|
|Gentoo update for ntp|
|Gentoo update for rsyslog|
|Gentoo update for qemu|
Not a customer already?