Secunia is inviting vulnerability researchers to participate in a programme that will confirm discoveries and handle co-ordination on their behalf.
Carsten Eiram, chief security specialist at Secunia, said: "The fun part of vulnerability research is the actual process of discovering and understanding the vulnerabilities, as well as creating proof of concepts or exploits, and not the sometimes extensive co-ordination and liaison process that follows with the vendor in order to fix the problem.
“Under the Secunia Vulnerability Coordination Reward Programme (SVCRP), we will both confirm vulnerability discoveries and handle the co-ordination process, allowing researchers to focus on the more exciting aspects of vulnerability research.
“SVCRP is designed to be a complementary service to these. Most other schemes pay researchers for their discoveries and while these offerings are excellent for researchers, the companies are naturally very selective in which vulnerabilities they wish to purchase and co-ordinate.
“This leaves a huge gap for researchers, who either do not want to sell their discoveries but would still like an independent third party to confirm them and handle co-ordination.”
For vendors, Secunia said the benefits are that vulnerability discoveries will be confirmed in detail to determine the core problem in the code.
