3Com Tipping On Flaw Disclosures
David Utter Staff Writer
2005-07-25
3Com and its TippingPoint division have established a web site where security researchers can be rewarded for disclosing vulnerabilities.
TippingPoint, which makes intrusion prevention appliances, wants to find out what flaws or vulnerabilities may be present in technology products. And they're willing to pay.
The Zero Day Initiative (ZDI) works much like a frequent flyer program. Each reported vulnerability that the company purchases results in payment of an equal number of points to the researcher's ZDI account. For example, a vulnerability that 3Com buys for $5,000 will lead to 5,000 points going into the person's ZDI account.
3Com may choose not to purchase a vulnerability from a given researcher, without giving a reason for doing so. The ones it does purchase will have a value depending on several factors: how widely a product is deployed, whether the vulnerability allows for elevated privileges on a system, and the value of the product, among other issues.
Points accrue in a researcher's account, and over a calendar year a researcher can earn extra cash bonuses plus paid trips to Las Vegas security conventions like DEFCON and BlackHat. Researchers can refer other security professionals to the program. When those referrals have vulnerabilities purchased, the referrer receives a 2,500-point bonus.
Once sold, the information becomes the exclusive property of 3Com. After testing and acquiring the vulnerability, 3Com informs the product vendor affected by the issue. Then, 3Com updates its customers by quickly distributing new protection filters for the TippingPoint IPS products.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.