How a security researcher discloses a vulnerability is often as important as the discovery of the vulnerability itself.
To further that end, security services vendor Secunia, which has been providing security advisories to the market for nearly a decade, is now expanding its efforts with the Secunia Vulnerability Coordination Reward Program (SVCRP). The SVCRP will take in vulnerabilities from third-party security researchers, help verify the research and then coordinate with software vendors.
Carsten Eiram, chief security specialist at Secunia, told InternetNews.com that Secunia has working relationships with many software vendors that often enable it to get better results than independent researchers can get on their own.
“Often we can get a vendor to fix things a bit quicker,” Eiram said. “Also, many of the researchers really want to focus on finding the vulnerabilities and not the whole coordination process with vendors afterwards.”