Secunia Vulnerability Coordination Reward Program (SVCRP)

Posted on Friday, November 04, 2011 by Tenderfoot

SVCRP (Secunia Vulnerability Coordination Reward Program) is a reward incentive offered by Secunia to researchers, who have discovered a vulnerability and would like a third party to confirm their findings and handle the coordination process with the vendor on their behalf.

All classes of vulnerabilities in most products are applicable for SVCRP as long as the following basic criteria are met:
  • The vulnerability affects a stable product.
  • The vulnerability affects the latest version of the product.
  • The product is actively supported by the vendor.
  • The vulnerability is not already publicly known.
  • Secunia Research is able to confirm the reported vulnerability.
Minor rewards will be continuously awarded to researchers coordinating their discoveries through Secunia based on their individual performance. The two major rewards are currently awarded annually (the first one in January 2012!).

Most Valued Contributor: This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been consistently coordinating correct, clearly detailed vulnerability reports that have been quick and easy to confirm.

Most Interesting Coordination Report: This is a yearly prize awarded to the researcher, who based on Secunia Research's judgement has been coordinating the most interesting vulnerability (criteria considered are e.g. complexity, impact, affected product, level of detail in provided vulnerability report).
The current list of qualifying conferences are:
  • Black Hat
  • Defcon
  • CanSecWest
  • RECON
The coordination process will follow the same disclosure policy as followed by the Secunia Research team when coordinating internally discovered vulnerabilities.

If you would like to report a vulnerability to Secunia via SVCRP then please send a vulnerability report prefixed with "[SVCRP]" in the subject to vuln@secunia.com. The report should contain details on the affected product/version and PoC or detailed steps to trigger the vulnerability to ensure that Secunia Research can reproduce your findings.


Source :-  http://secunia.com/community/research/svcrp

No Response to "Secunia Vulnerability Coordination Reward Program (SVCRP)"

Leave A Reply