Sport & Auto
- About Future
- Digital Future
- Cookies Policy
- Terms & Conditions
- Investor Relations
- Contact Future
Just five hours after Firefox 3 was released to a waiting world, TippingPoint's Zero Day Initiative was informed of a serious vulnerability in the brand-new browser, IDG News Service reports. That's fast work, but some are wondering about the timing of the information, since the vulnerability also affects Firefox 2. Why wait until Firefox 3 is barely out of the chute?
Ryan Naraine of ZDNet's ZeroDay blog puts it this way:
It looks very much like the vulnerability researcher was hoarding this vulnerability and saving it for Firefox 3.0 final release to make the sale.
Or, to put it more bluntly, cha-ching!
The Zero Day Initiative Benefits page doesn't list a specific amount for a single reported vulnerability, citing these factors in determining the valuation:
The fact that Firefox, with millions of active users, is the target, suggests that the researcher reporting the vulnerability earned a decent fee for his or her discovery. However, Zero Day Initiative also offers a multi-tiered loyalty program to threat researchers, not enough to make you quit your day job, but a helpful incentive to keep looking for vulnerabilities. For my thoughts, and how to protect yourself until an update is released, see page 2.