Extortion or fair trade? The value of bug bounties

Vendors without bug bounty programs risk the wrath of the infosec community, but such programs must be constructed carefully to yield optimal outcomes

A security researcher, sitting on what he claims are 30 flaws in various FireEye products, is demanding the security company pay researchers for vulnerability reports.

The confrontation highlights the challenges organizations face when working with the security research community. 
