Re: [ISN] Bug Finders: Should They Be Paid?

From: InfoSec News (isnat_private)
Date: Wed Aug 14 2002 - 02:35:40 PDT

    Forwarded from: Kurt Seifried <kurtat_private>
    
    OB disclaimer: I am working for iDefense as a contractor.
    
    What I don't get is this:
    
    a) iDefense hires someone full-time as an employee
    b) iDefense hires someone on a contract basis
    c) iDefense hires someone on a one-time contract basis for work rendered
    
    Why is option c) bad but a) and b) are ok? You have the exact same
    problems with hiring people full time to do vulnerability research.
    
    At least iDefense is being open about this (i.e. publicly announce
    they are doing it, give credit, let customers know...). I hate to
    break it to you guys, but many, many companies have been buying security
    information/exploit code/etc. on a contract basis for quite some time
    (and haven't been so public about it).
    
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
    
    
    
    


