lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 3 Nov 2011 18:14:22 +0000
From: Ryan Dewhurst <ryandewhurst@...il.com>
To: Georgi Guninski <guninski@...inski.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Secunia jumps on vuln reward bandwagon

Their 'rewards' do not seem to justify the vulnerability/exploit research time.

"The rewards on offer will range from top-of-the range merchandise to
two major annual rewards such as free hotel accommodation and entry to
an IT security conference chosen from a list of the most popular
global security conferences.  The latter rewards will be given for the
first time in January 2012.  One reward will be given to the
researcher who coordinates the most interesting vulnerability as
judged by Secunia in the form of a prize under the Most Interesting
Coordination Report category.  Criteria will include complexity,
impact, level and level of detail.  The other will be given to the
researcher who has been consistently coordinating correct, clearly
detailed vulnerability reports that are quick and easy to confirm as
judged by Secunia.  The researcher will be given the title, ‘Most
Valued Contributor’ by Secunia.  Other rewards will be continuously
given to researchers coordinating their discoveries through Secunia
based on their individual performance."

http://secunia.com/company/blog_news/news/271

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
twitter www.twitter.com/ethicalhack3r
projects www.dvwa.co.uk | www.webwordcount.com | code.google.com/p/wpscan

On Thu, Nov 3, 2011 at 5:57 PM, Georgi Guninski <guninski@...inski.com> wrote:
> On Thu, Nov 03, 2011 at 05:46:15PM +0100, Michele Orru wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> It seems that even XSS, XSRF and SQLi are accepted...
>> Interesting.
>>
>> Cheers
>> antisnatchor
>>
>> Georgi Guninski wrote:
>> > http://www.theregister.co.uk/2011/11/02/secunia_vulnerability_rewards/
>> > Secunia jumps on vuln reward bandwagon
>> >
>> > have in mind the list is "Hosted and sponsored by Secunia"
>> >
>
> What about alternatives?
>
> How much the hosting will cost?
>
> I remember how aleph1 sold bugtraq (including the paid posters)
> and i don't feel like contributing to bugtraq ver. 2.
>
> --
> j
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ