Bug Bounty

Bug bounty programs are nothing new. We have seen various initiatives started in the community and have had a lot of discussion internally regarding whether or not such a program causes a positive impact. After a long brainstorming session, we believe that a common ground for a positive outcome can be achieved. Other companies that buy exploits for their penetration testing war chest rarely share them with the public and once bought, require that the author does not share them. We are going the other direction on this idea. If the author of the exploit permits it, we will release them publicly after 60 days for everyone to download. Win

What the influencers are saying

  1. HD Moore

    19.0 hours ago

    Woah. Packet Storm now has an exploit bounty that makes exploits public 60 days after acceptance: http://t.co/5AEIP0lS ( via @taviso)

  2. Kyle Maxwell

    19.0 hours ago

    Hrm. What's a "0.5-day" exploit? http://t.co/5nvCAlfrH0

  3. Chae Jong Bin

    19.0 hours ago

    RT @w3bd3vil: I like this, you are being paid for non-0day exploits and these will be released publicly :-) http://t.co/kZTmg0w7

  4. Sam Bowne

    19.0 hours ago

    RT @spacerog: $7K for Reader, Flash, or IE RCE from Packet Storm? Yup. http://t.co/8oE9ov1A Game changer? maybe.

  5. Rob Fuller

    19.0 hours ago

    RT @hdmoore: Woah. Packet Storm now has an exploit bounty that makes exploits public 60 days after acceptance: http://t.co/5AEIP0lS ( v ...

  6. grecs

    19.0 hours ago

    RT @hdmoore: Packet Storm now has an exploit bounty that makes exploits public 60 days after acceptance: http://t.co/cjmkGwN8



, join the conversation

Related Reading

News

Most Popular

Commentary

On the Web

More On the Web»

Video

Slideshow



InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.