Vancouver, CANADA--Vulnerability researchers, software makers, and security companies that buy information about software flaws found little common ground during a panel discussion on Wednesday debating the merits of vulnerability-purchasing programs.
The discussion, wrapping up the first day of the CanSecWest Security Conference, left software makers and the companies that run vulnerability-purchasing programs at loggerheads over whether paying for information about flaws makes sense. Such initiatives help secure the end user, argued Michael Sutton, director of the vulnerability research labs for VeriSign subsidiary iDefense, which pioneered the first permanent bounty program for security vulnerabilities.
Full story Here
No comments:
Post a Comment