Extortion or fair trade? The value of bug bounties

Discussion in 'Network World' started by RSS, Sep 9, 2015.

  1. RSS

    RSS New Member Member

    A security researcher, sitting on what he claims are 30 flaws in various FireEye products, is demanding the security company pay researchers for vulnerability reports.

    The confrontation highlights the challenges organizations face when working with the security research community.

    Kristian Erik Hermansen initially said he tried to work with FireEye to fix the vulnerabilities -- and FireEye ignored him. "I tried for 18 months to work with FireEye through responsible channels, and they balked every time," he said, according to a recent post on CSO.

