As part of the program, 3Com announced it will pay a security researcher an unspecified amount for reporting vulnerabilities to the company. The researcher will also receive credit for discovering the bug, but only once the vulnerability is reported to the company that makes the affected product and the company has released a patch for the vulnerability.
"Through this program, we seek to ensure that newly discovered vulnerabilities are managed, disclosed and remediated responsibly, so they don't pose a threat to businesses," said 3Com Chief Technology Officer Marc Willebeek-LeMair.
Zero-day vulnerabilities occur when the discoverer of the vulnerability discloses the flaw to the public without notifying the vendor, putting businesses at risk from the time of disclosure until the affected vendor issues a patch. It can take vendors weeks or months to supply a patch.
"This program will extend our research organization even further, and enable us to tap some of the brilliant minds in the global security research community," David Endler, Director of Security Research for 3Com's TippingPoint Division, said. "Prior to the availability of a vendor-supplied solution or patch, our customers will be protected against threats they aren't even aware of through our Digital Vaccine service."
Many security researchers want to be recognized for their discovery, but they don't always achieve that in a responsible manner. With this program, the researcher is recognized for the discovery when the vulnerability is publicly disclosed with the vendor's patch.
"3Com's initiative is a positive step for the industry," said In-Stat Research Analyst Victoria Fodale. "Viruses or worms that take advantage of vulnerabilities that vendors are not yet aware of can be devastating to an organization. Both vendors and customers stand to benefit from this program. 3Com and its TippingPoint division are to be commended for taking this leadership position."
3Com is not the only company offering such a program. iDefense also pays computer security researchers for disclosing bugs under a similar arrangement.