Bug Bounty Hunters Spot Flaw In Linux AV
The flaw affects the open source ClamAV. 3Com's TippingPoint unit pays for digging up zero-day security holes.
January 13, 2006
3Com has identified a vulnerability in a popular Linux anti-virus program, the fourth time bug bounty hunters have cashed in on the reward the company's TippingPoint division pays for digging up software flaws.
Since July 2005, TippingPoint has paid researchers for uncovering vulnerabilities. The program, dubbed "Zero Day Initiative" to make clear that it pays only for zero-day bugs, doesn't publish a reward rate structure. 3Com uses the information it acquires from the bounties to add protection via its Digital Vaccine service.
"The ClamAV vulnerability is the fourth vendor vulnerability disclosed through ZDI with a corresponding patch," said David Endler, director of security research for TippingPoint, in a statement. "By ensuring threat information remains confidential until a patch can be issued, we are helping strengthen security for all technology users and reducing the risk of zero day attacks."
TippingPoint notified the developers of the open-source ClamAV anti-virus program of the bug in mid-December. On Monday, the group posted a security update to fix the heap overflow flaw.
iDefense, a security intelligence company owned by VeriSign, also has a bug bounty program.