Groups argue over merits of flaw bounties - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Groups argue over merits of flaw bounties

User Rating:

How can I rate this item?

Source: TheRegister.co.uk - Posted by Benjamin D. Thomas

Vulnerability researchers, software makers, and security companies that buy information about software flaws found little in common during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs.

The discussion, wrapping up the first day of the CanSecWest Security Conference, left software makers and the companies that run vulnerability-purchasing programs at loggerheads over whether paying for information about flaws makes sense. Such initiatives help secure the end user, argued Michael Sutton, director of the vulnerability research labs for VeriSign subsidiary iDefense, which pioneered the first permanent bounty program for security vulnerabilities.

Read this full article at TheRegister.co.uk