
Secunia Launches Reward Program for Vulnerability Coordination

Secunia has rolled out the “Secunia Vulnerability Coordination Reward Program” (SVCRP), a new program that aims to benefit both the IT community and end-users by uncovering and helping to resolve previously unreported bugs.

Most other schemes pay researchers for their discoveries (bug bounty programs), and while these offerings are excellent for researchers, the companies are, naturally, very selective in which vulnerabilities they wish to purchase and coordinate. This leaves a huge gap for researchers, who often like an independent third party to confirm their discoveries and handle coordination.

SVCRP is open to any researcher who has discovered a software vulnerability and would like a third party to confirm their findings and handle the coordination. As part of the program, Secunia will offer rewards to researchers who come to them first, and use Secunia to act as a point of contact with the vendor.

The main benefit to researchers is that Secunia will assess and validate the vulnerability, thus allowing them to deal with other priorities as well as giving added weight to their findings.

Benefits to vendors include the fact that vulnerability discoveries are confirmed in detail. As a result, vendors will receive very precise information about the vulnerability, and Secunia will work with them to find a fix, provide feedback and help confirm that their new patches are properly addressing the vulnerabilities prior to release.

“The fun part of vulnerability research is the actual process of discovering and understanding the vulnerabilities as well as creating proof of concepts or exploits; and not the sometimes extensive coordination and liaison process that follows with the vendor in order to fix the problem,” explained Carsten Eiram, Chief Security Specialist at Secunia.

“Under the new program we will both confirm vulnerability discoveries and handle the coordination process, allowing researchers to focus on the more exciting aspects of vulnerability research. Other major vulnerability coordination offerings exist but most have a business model wrapped around them. SVCRP is designed to be a complementary service to these.”

The rewards on offer will range from top-of-the-line merchandise to two major annual rewards such as free hotel accommodation and entry to an IT security conference chosen from a list of the most popular global security conferences.

Secunia was clear that there is no cash on offer, but researchers will continue to receive any payments to which they are entitled from various vendors. They also noted that customers will not receive any advance notification about the vulnerabilities.
