When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Paying for Flaws Pays Off for iDefense

Internet security specialist iDefense Inc. has released a reverse-engineering tool to the open-source community as part of its controversial strategy of buying the rights to information on security flaws found by underground researchers. The decision to roll out the IDA Sync tool was driven by a need to "contribute to the cycle" of making flaw-finding easier for the private individuals who participate in iDefense's VCP (Vulnerability Contributor Program).

The 3-year-old VCP involves financial incentives to anonymous researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code to iDefense. Michael Sutton, director of iDefense Labs, said the wild success of the program has driven the company to release tools like IDA Sync, which is used to allow multiple analysts to synchronize their reverse-engineering efforts in real-time within the IDA Pro disassembler.

View: The full story

News source: eWeek

Report a problem with article
Next Article

Microsoft Researchers Target Worms, Buffer Overruns

Previous Article

Netscape 8 Beta