Business & Finance
News
7/27/2005
06:05 PM
Connect Directly
RSS
E-Mail
50%
50%

iDefense Doubles Bug Bounties

You can get up to $5,000 for reporting a bug to iDefense.

A day after rival 3Com's TippingPoint subsidiary announced a scheme to pay researchers for digging up vulnerabilities, iDefense on Wednesday upped the ante by doubling its bug bounties.

The Reston, Va.-based iDefense, which was recently purchased by security giant VeriSign for $40 million in cash, revealed a new payment schedule for its Vulnerability Contributor Program (VCP) on the Full Disclosure security mailing list.

"Effective immediately, we will be doubling our standard pricing structure for vulnerability submissions," wrote Michael Sutton, the director of iDefense Labs in an e-mail to the list.

Like TippingPoint, iDefense doesn't publish a reward rate structure, but instead requires researchers to submit a vulnerability before quoting a bounty.

The company also upped the amounts in its two existing high-profile programs, and opened a new plan geared toward giving bigger rewards to researchers who boost the number of their submissions.

Rewards issued each quarter to the top three vulnerability contributors, for instance, climbed from between $1,000 and $3,000 to between $1,000 and $5,000, while end-of-the-year payouts to the top five doubled. The top contributor to iDefense's VCP will now receive $10,000, for example, while the second-place researcher will get $8,000.

The new Growth program, said Sutton, is designed to reward contributors who stick with iDefense's VCP. Those who double the number of submissions over a previous year, for example, will get a bonus equal to 100 percent of the rewards paid out that year.

Paying for vulnerabilities is a way for research firms to get a competitive edge on rivals, and is increasingly popular among application developers and security vendors. Mozilla Foundation, for instance, pays researchers $500 for each critical flaw found.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July10, 2014
When selecting servers to support analytics, consider data center capacity, storage, and computational intensity.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.