Huntress Labs has announced the donation of $100,000 to the Dutch Institute for Vulnerability Disclosure, which is to be used both to hire its first full-time staffer and to start a bug-bounty program specific to the SMB and MSP space.
The company has called on other vendors to make commitments to the effort, and focused on this advice from John Strand of Black Hills Information Security:
“determine good application security from vendors by asking two questions: what their current program looks like and if they’ll share the results/conclusions of the most recent third-party vulnerability test they’ve commissioned.”
Why do we care?
Financial incentives are a theme here, and kudos to Huntress for putting some money where their mouth is. This is not the same as being financially linked to success. It does signal a change in mentality that is starting among some of those involved in the delivery of services. I continue to predict that those who place those incentives around joint success will see the reward here… before it becomes table stakes.

