OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[Full-disclosure] iDEFENSE/VeriSign - VCP Program Changes

From: iDEFENSE Labs (labs-no-replyidefense.com)
Date: Tue Jul 26 2005 - 17:06:55 CDT


Last week, iDEFENSE was acquired by VeriSign and at that time, I was
able to inform existing VCP contributors that VeriSign fully intended to
expand the Vulnerability Contributor Program (VCP). Today, I'm pleased
to be able to pass along more details about how VeriSign and iDEFENSE
will be substantively increasing pricing for submissions as well as our
reward programs. First off, effective immediately, we will be doubling
our standard pricing structure for vulnerability submissions. As always,
in order to obtain a price quote, we require that a contributor first
submit a discovery to contributoridefense.com. Once accepted, we will
gladly provide a price quote and forward the appropriate contract.

As well, we are increasing the value of the Incentive and Retention
reward programs and launching a new Growth reward program. Details on
the new pricing structure for each program are below. More in depth
descriptions of the programs can be found on our website at
http://www.idefense.com/poi/teams/vcp_reward_programs.jsp.

Retention program:
The retention program is designed to reward the top five contributors
each year. The old and new pricing structures are as follows:

Old New
1 $5,000 $10,000
2 $4,000 $8,000
3 $3,000 $6,000
4 $2,000 $4,000
5 $1,000 $2,000

Incentive program:
The purpose of the incentive program is to reward the top three
contributors for each quarter. The old and new pricing structures are as
follows:

Old New
1 $3,000 $5,000
2 $2,000 $3,000
3 $1,000 $1,000

Growth program:

The purpose of the new Growth program is to reward those contributors
that continue to increase their level of participation in the VCP.
Details of the program are as follows:

- Any contributor with at least 5 submissions in the current year is
eligible to participate.
- The Growth program will compare a contributor's submissions over the
past 12 months (current year) to submissions over the previous 12 months
(past year).
- Growth program payments will be done annually.
- An individual must have been a VCP contributor for at least two years
prior to the reward date in order to participate.
- The Growth program will cover a July 1 - June 30 period, with the
first payment covering July 1, 2005 - June 30, 2006
- Contributors that have submissions in the current year that equal or
exceed submissions from the past year will receive a lump sum payment
equal to 50% of all current year submissions.
- Contributors that have submissions in the current year that equal or
exceed 2X the submissions from the past year will receive a lump sum
payment equal to 100% of all current year submissions.
- Contributors with current year submissions that are between 1X and 2X
past year submissions will receive a lump sum payment appropriately
pro-rated between 50-100% of all current year submissions

As iDEFENSE, we have enjoyed working with the VCP participants over the
past three years and appreciate their vulnerability research
contributions. As part of VeriSign, we look forward to expanding this
program and the corresponding rewards to the VCP community.

Please feel free to email any questions and submissions that you may
have to contributoridefense.com. Also, for anyone that will be
attending Blackhat/Defcon this week, the full iDEFENSE Labs team will be
in attendance. We'll be arriving on Tuesday and departing on Sunday. I
look forward to seeing you there.

Michael Sutton
Director, iDEFENSE Labs
VeriSign, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/