Network Computing is part of the Informa Tech Division of Informa PLC

Bug Bounties Uncover 1 in 4 Microsoft Flaws

Nearly a quarter of the vulnerabilities patched by Microsoft on Tuesday were discovered by researchers paid bounties by a pair of security companies, one of the vendors said Thursday.

Of the 21 flaws fixed by the 12 security updates issued Tuesday, 5 were credited to bug bounty programs run by Reston, Va.-based VeriSign iDefense and Austin, Texas-based 3Com TippingPoint.

"It was really interesting to look at the overall bulletins Tuesday," said Mike Sutton, the director of VeriSign iDefense Labs. "The market is changing, and people are recognizing that there is value in vulnerabilities."

iDefense was credited by Microsoft with submitting 4 of the 21 vulnerabilities, but only 3 came from its Vulnerability Contributor Program (VCP), which debuted in 2005. The fourth, Sutton said, was found by an iDefense researcher.

Two others, meanwhile, came from TippingPoint's rival Zero Day Initiative (ZDI).
