VULNERABILITY CONTRIBUTOR PROGRAM
iDefense recognizes that there is an abundance of technical security knowledge concerning undisclosed vulnerabilities and exploit code that are constantly discovered or created by individuals and security groups. Some of this information may see the light of day on security mailing lists or eventually be disclosed as the result of a post-mortem analysis of a compromised computer system.

Our Vulnerability Contributor Program (VCP) compensates individuals who provide iDefense with advance notification of unpublished vulnerabilities and/or exploit code. Alternatively, iDefense can donate any earned funds to a charity of the contributor's choice in their name.

Criteria
The payment amount is based on the following criteria:

  • the kind of information being shared (i.e., vulnerability and/or exploit code)
  • the amount of detail provided
  • the potential severity level for the information shared
  • what applications, operating systems, etc. are affected
  • iDefense's verification of accuracy
  • what level of exclusivity, if any, is granted to iDefense for the data (see below)
  • the number of users of the affected application
  • the potential value to iDefense customers

Contributors provide iDefense exclusively with advance notice about the vulnerability and/or exploit code. If the vendor has not been previously contacted, iDefense will work with contributors to determine the appropriate process. After an agreed-upon amount of time has passed, contributors are free to distribute the submitted information to a public forum and/or contact the vendor themselves, assuming they have not already requested iDefense to do so. Contributors will be referenced in all public advisories or reports sent to iDefense customers, assuming they want their identity to be disclosed. If during the verification process iDefense identifies on any forum a vulnerability and/or exploit similar to one sent to iDefense, no compensation will be provided; both information and rights will be returned to contributors. iDefense discloses vulnerabilities according to our Disclosure Policy.

Situations could occur where multiple contributors provide information about the same vulnerability in the same product. In this case, the first contributor who provides information that can be validated by iDefense will be compensated; subsequent contributors will not.

Payment
iDefense offers four methods of payment:

  • Check - Checks can be sent to a physical mailing address or a post office box. (Sorry, we no longer support international checks.)

  • Personal PayPal account - PayPal does not charge fees to the receiver of money in a Personal PayPal Account. Business PayPal Accounts are subject to fees based on your usage & history with PayPal.

  • Western Union - used in select countries only. We will need your real name along with the country and city where you wish to pick up your payment.

  • Wire Transfer - Wire transfers can be made directly to your bank account. You will have to provide your real name, bank name, routing number and account number.

The table below demonstrates the availability of our payment options within a variety of countries.

Note: This does not constitute a complete list of countries that we can work with. [P] denotes that this method of payment is preferred in that country.
 

Country Check Paypal Western Union Wire Transfer
United States  [P]  
Canada    
Mexico    [P]
European Union    [P]
Russia      [P]
Romania      [P]
New Zealand      [P]
India      


Contributors can earn additional funds if they allow iDefense to contact the vendor and publicly release the submitted information. Once a price is agreed upon, payment will be sent once the following conditions have been satisfied:

  • Information is verified to a reasonable degree.
  • Amount of remuneration and how remuneration will be paid have been agreed upon.
  • Information disclosure issues have been agreed upon.

If iDefense has received information from potential contributors and the above three issues cannot be resolved, iDefense will not use the information in any way, respecting the intellectual property and/or right of discovery of the contributor.

Rewards
iDefense is proud to offer three separate reward programs:

  • VCP Retention Program
  • VCP Incentive Program
  • VCP Referral Program


The purpose of these reward programs is to reward both current and future contributors. The details of these programs are available at VCP Reward Programs.

If you have questions or would like to sign up as a contributor to the VCP, please contact us via email.

If you prefer to use encryption you can download our public PGP Key.