Information Security News mailing list archives

Re: Bug Finders: Should They Be Paid?


From: InfoSec News <isn () c4i org>
Date: Wed, 14 Aug 2002 04:35:40 -0500 (CDT)

Forwarded from: Kurt Seifried <kurt () seifried org>

OB disclaimer: I am working for iDefense as a contractor.

What I don't get is this:

a) iDefense hires someone full-time as an employee
b) iDefense hires someone on a contract basis
c) iDefense hires someone on a one-time contract basis for work rendered

Why is option c) bad but a) and b) are ok? You have the exact same
problems with hiring people full time to do vulnerability research.

At least iDefense is being open about this (i.e. publicly announce
they are doing it, give credit, let customers know...). I hate to
break it to you guys, but many, many companies have been buying security
information/exploit code/etc. on a contract basis for quite some time
(and haven't been so public about it).

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/



-
ISN is currently hosted by Attrition.org
