Offering a bounty for security bugs

[intmon]

Offering a bounty for security bugs

TippingPoint--part of 3Com--is soliciting hackers to report vulnerabilities in exchange for money. If a valid bug is found, TippingPoint will notify the maker of the flawed product and update its security products to protect users against exploitation of the flaw until an official patch is released.


"We want to reward and encourage independent security research, promote and ensure responsible disclosure of vulnerabilities and provide 3Com customers with the world's best security protection," David Endler, director of security research at TippingPoint, said in an interview.

Austin, Texas-based TippingPoint sells intrusion prevention systems, which are designed to protect against vulnerabilities, on servers, desktops and other computers connected to an organization's network.

The payments are being offered under TippingPoint's new "Zero Day Initiative." The company plans to announce the program on Monday and celebrate the launch with a party in Las Vegas on Wednesday, the first day of the annual Black Hat Briefings, an event for security professionals and enthusiasts.

Read the rest here:
http://news.com.com/Offering+a+bount...l?tag=nefd.top

[XTC46]

they say they only want to deal with reputable researchers...thats stupid, they should take the news of the flaw from anyone willing to turn it in. some malicious hacker wouldnt turn in the exploit if he planned on using it often so he obviously is atleast partly trying to help (for money, but still)