Groups argue over merits of flaw bounties

Groups argue over merits of flaw bounties
Robert Lemos, SecurityFocus 2006-04-05

Vancouver, CANADA--Vulnerability researchers, software makers, and security companies that buy information about software flaws found little common ground during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs.

Expand all | Post comment

Groups argue over merits of flaw bounties 2006-04-06
KF (1 replies)

Re: Groups argue over merits of flaw bounties 2006-04-06
Tom Ferris

Groups argue over merits of flaw bounties 2006-04-07
Matthew Murphy

Groups argue over merits of flaw bounties 2006-04-07
TJ (2 replies)

Re: Groups argue over merits of flaw bounties 2006-04-07
Anonymous

In reply to TJ's post, I don't think thats the right attitude at all. By doing that your leaving yourself at risk as well as everyone else. Just because a vulnerability is not reported to a vendor does not mean its not known.

Also many vendors will not learn on their own how to handle security issues without a little help. I for one would rather help a vendor to educate them rather than leave them in the dark and let them repeat their mistakes.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11386/33608#33608

Re: Groups argue over merits of flaw bounties 2006-04-08
Matthew Murphy

Groups argue over merits of flaw bounties 2006-04-10
Anonymous (1 replies)

Re: Groups argue over merits of flaw bounties 2006-04-10
Anonymous