PDA

View Full Version : vulnerability contributor program


0xf001
February 21st, 2006, 07:16
huh,

look at this:

http://labs.idefense.com/vcp.php

Quote:
Our Vulnerability Contributor Program (VCP) compensates individuals who provide iDefense with advance notification of unpublished vulnerabilities and/or exploit code. Alternately, iDefense can donate any earned funds to a charity of the contributor's choice in their name.

Criteria
The payment amount is based on the following criteria:

the kind of information being shared (i.e., vulnerability and/or exploit code)
the amount of detail provided
the potential severity level for the information shared
what applications, operating systems, etc. are affected
iDefense's verification of accuracy
what level of exclusivity, if any, is granted to iDefense for the data (see below)
the number of users of the affected application
the potential value to iDefense customers


and they seem to be serious!

cheers,

--
0xf001

ancev
February 21st, 2006, 07:49
hi,

they are... but only pay for vulns on things like winword, windows xp sp2, and so... big appz

they didnt give me even $1 for the one i found in winconnections

ancev

0xf001
February 21st, 2006, 07:59
tssssssssssssss !

i was wondering about their "rating system" - good to hear an example ;D

thx!

0xf001

dELTA
February 22nd, 2006, 17:01
TippingPoint (3com) does the same, and is currently iDefense's biggest competitor in this business as far as I know.