Nearly a quarter of the vulnerabilities patched by Microsoft on Tuesday were discovered by researchers paid bounties by a pair of security companies, one of the vendors said Thursday.
Of the 21 flaws fixed by the 12 security updates issued Tuesday, 5 were credited to bug bounty programs run by Reston, Va.-based VeriSign iDefense and Austin, Texas-based 3com TippingPoint.
"It was really interesting to look at the overall bulletins Tuesday," said Mike Sutton, the director of VeriSign iDefense Labs. "The market is changing, and people are recognizing that there is value in vulnerabilities."
iDefense was credited by Microsoft with submitting 4 of the 21 vulnerabilities, but only 3 came from its Vulnerability Contributor Program (VCP), which debuted in 2005. The fourth, Sutton said, was found by an iDefense researcher.
Two others, meanwhile, came from TippingPoint's rival Zero Day Initiative (ZDI).
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
