If Tyranny and Oppression come to this land, it will be in the guise of fighting a foreign enemy
James Madison (American 4th US President (1809-17), and one of the founding fathers of his country. 1751-1836)

Monday, January 15, 2007

Pay per vulnerability

I finally found an initiative that makes sense in this time of people looking to make a buck out of discovering flaws in MS and other's software. In a previous article "Responsibility when disclosing Microsoft vulnerabilities...hrm..." I rambled on about how those software developers that are bitchin' about vulnerabilities and their disclosure in essence need to pay to play to get their hands on these holes. Otherwise...those that found them will go underground to sell them. Well, I have finally found two companies that are doing just this in a controversial pay-for-flaw VCP (Vulnerability Contributor Program)...Verisign's I-Defense and 3com's Trippingpoint are taking the initiative on paying for exploits and acting as a mediator between the discoverer and the vendor. Sounds like a move in the right direction...the article can be read here or by the link below.

VeriSign Offers Hackers $8,000 Bounty on Vista, IE 7 Flaws @

No comments: