Get paid for discovering vulns

by Nikola Strahija on July 26th, 2005

TippingPoint, a division of networking giant 3Com, is going to pay researchers for information about unannounced vulnerabilities in major systems and software and will add bonuses for productive flaw finders, the company announced recently.

Under the program, named the Zero Day Initiative, researchers will submit details of security bugs to 3Com. The company will then pay a finder's fee in exchange for becoming the exclusive owner of the information. The networking giant plans to use the information to provide early protection for its customers and to work with the affected product's maker to fix the vulnerability.

"Increasingly, an ecosystem is developing around technical security research knowledge concerning as-yet-undisclosed vulnerabilities," the company stated on the ZDI Web site. "We believe that one effective way to capture this data is by establishing a best-of-breed research clearing house and community."

Part bug bounty, part loyalty-rewards program, the Zero Day Initiative refines previous plans started by other companies to reward researchers for exclusive information on vulnerabilities, such as the Vulnerability Contributor Program from iDefense. The Mozilla Foundation has also offered a bounty, but only for serious bugs found in its own open-source browser. Microsoft created perhaps the most famous bounty program in the security industry, but not for bugs. In August 2003, the software giant created a $5m fund to pay for information on attackers that release certain Internet worms and viruses. "Such programs have become less controversial over time," said Carole Theriault, a security consultant for antivirus firm Sophos.

Under 3Com's program, researchers will sign up for an account on the ZDI's portal site, which will launch on August 15. Vulnerabilities submitted to the company through the portal will be evaluated, and the company will then make an offer to the flaw finder. If the researcher accepts the offer, 3Com will own exclusive rights to the information. More productive bounty hunters will be able to gain silver, gold or platinum status.
