Offering a bounty for security bugs

TippingPoint--part of 3Com--is soliciting hackers to report vulnerabilities in exchange for money. If a valid bug is found, TippingPoint will notify the maker of the flawed product and update its security products to protect users against exploitation of the flaw until an official patch is released.


"We want to reward and encourage independent security research, promote and ensure responsible disclosure of vulnerabilities and provide 3Com customers with the world's best security protection," David Endler, director of security research at TippingPoint, said in an interview.

Austin, Texas-based TippingPoint sells intrusion prevention systems, which are designed to protect against vulnerabilities, on servers, desktops and other computers connected to an organization's network.

The payments are being offered under TippingPoint's new "Zero Day Initiative." The company plans to announce the program on Monday and celebrate the launch with a party in Las Vegas on Wednesday, the first day of the annual Black Hat Briefings, an event for security professionals and enthusiasts.

Read the rest here:
http://news.com.com/Offering+a+bount...l?tag=nefd.top