The Inquirer-Home

Secunia offers bounties for security vulnerabilities

Offers researchers a free pass at everything
Wed Nov 02 2011, 17:02

INSECURITY OUTFIT Secunia has launched a vulnerability bounty programme that offers security researchers the chance to make money on any insecurity.

Secunia's vulnerability bounty scheme follows in the steps of similar vendor-sponsored schemes that offer security researchers money for submitting vulnerabilities. Unlike vendor-sponsored schemes, Secunia claims to offer money for vulnerabilities discovered in any software.

Carsten Eiram, chief security specialist at Secunia, said, "Most other schemes pay researchers for their discoveries, and, while these offerings are excellent for researchers, the companies are, naturally, very selective in which vulnerabilities they wish to purchase and coordinate. This leaves a huge gap for researchers, who either do not want to sell their vulnerabilities or discover vulnerabilities not fulfilling the requirements of the existing initiatives, but who would still like an independent third party to confirm their discoveries and handle coordination."

Secunia didn't disclose what exactly it will be offering researchers but said "top-of-the-range merchandise" and "two major annual rewards" such as free hotel accommodation and entry to an IT security conference will be up for grabs. Earlier this year HP told The INQUIRER that the firm offers its most prolific security researchers an all-expenses-paid holiday, though as Eiram points out, those researchers have to focus their efforts on just HP's kit.

Paying for vulnerabilities has become big business. Security researchers can make a respectable living from plying their skilled trade, though do not for a moment think that firms like Secunia are offering freebies but getting nothing in return. The security vendors get first dibs on potentially lucrative fixes for serious insecurities.

Being fair to the security vendors, the current situation of rewarding security researchers is a win-win compared to the game of cat and mouse that used to be played. Now firms are accepting that vulnerabilities will be found and rewarding, rather than punishing, those that find them. µ
