3Com launches vulnerability-buying program

3Com launches vulnerability-buying program
Robert Lemos, SecurityFocus 2005-07-25

TippingPoint, a division of networking giant 3Com, plans to pay researchers for information about unannounced vulnerabilities in major systems and software and will add bonuses for prolific flaw finders, the company announced on Monday.

Expand all | Post comment

What about open source? 2005-07-25
Anonymous (1 replies)

Interesting program, to be sure. It worries me, though, that the only vendors eligible for advance notice of 3Com's purchased sploits are ones who can apply patches without giving away the details of the patch (until after 3Com has released its own filters to address the issue.) This seems to rule out open source products, who cannot readily release security patches without revealing the details of the bug. Are there other schemes similar to 3Coms, and how do open source vendors deal with it?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11253/32159#32159

Re: What about open source? 2005-07-26
Anonymous

3Com launches vulnerability-buying program 2005-07-25
PhantomCircuit