VeriSign, 3Com In Bug Buying Business

Get the WebProNews Newsletter:

[ Business]

Those companies own iDEFENSE and TippingPoint, two firms that have announced plans to pay security researchers for vulnerabilities they find.

3Com’s TippingPoint recently announced its Zero Day Initiative, where users of its intrusion protection systems would be the immediate beneficiaries of quick updates to protect against vulnerabilities it purchases.

Purchased by VeriSign in July for $40 million USD, iDEFENSE has had its Vulnerability Contributor Program in place for some time. Like TippingPoint’s ZDI, the program pays for vulnerability information.

To qualify for purchase, a vulnerability has to meet certain criteria with each firm. That criteria includes the seriousness of the flaw, how widely the vulnerable product is used, and how critical the affected application is to its users.

Before ZDI was announced, iDEFENSE’s VCP was the major legal buyer of vulnerability information, according to CNET News. Authorities suspect criminal buyers of vulnerability information have existed for quite some time, though.

One significant difference in the two programs will be exclusivity of information. ZDI wants exclusive rights to the information it purchases. VCP varies its payments with the amount of exclusivity it is granted by the researcher.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.

VeriSign, 3Com In Bug Buying Business
Comments Off
Top Rated White Papers and Resources

Comments are closed.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom