IT security firm TippingPoint, part of 3Com, is offering bounty payments for reports of software vulnerabilities.
Interested researchers providing exclusive information about any new vulnerabilities they discover will receive a cash offer if the problem is validated by 3Com’s security laboratories.
Researchers will be able to report their finds to the company through a secure portal, with TippingPoint saying that most will hear within a week whether their discovery has earned them a reward.
The scheme, which is part of the company’s Zero Day Initiative, allows researchers to earn further rewards and bonuses as they provide more information. They can choose whether to be publicly credited or to remain anonymous.
As agreements are reached to buy information about newly discovered vulnerabilities, the company’s security research team will develop protection filters and notify product vendors.
3Com will not resell the details or any exploit code, the company said. Instead it will offer its customers protection through its intruder prevention technology.