I feel that, in response to the recent event of how the WMF vulnerability got purchased/sold for $4000 (an interesting timeframe as well), iDefense are actively working on strengthening their market positioning - that is, to maintain their pioneering position as perhaps the first company to start paying vulnerability researchers for their discoveries.
The company recently offered $10,000 for the submission of a vulnerability that gets categorized as critical in any of Microsoft's Security Bulletins. In the long term, would vulnerability researchers be able to handle the pressure put on them through such financial incentives, and keep their clear vision instead of selling their souls/skills? What if someone naturally offers more, would money be the incentive that can truly close the deal, and is it just me realizing how bad it is to commercialize the not-so-mature vuln research market, namely how this would leak all of its current weaknesses?
Consider going through some of my previous thoughts on the emerging market for software/0day vulnerabilities as well, and stay tuned for another recent discovery a dude tipped me on, thanks as a matter of fact!
Friday, February 17, 2006
How to win 10,000 bucks until the end of March?