A “market” based approach to getting companies to fix vulnerabilities is an idea I’ve had for a while but only recently figured out how I might do it. The problem it solves is allowing security researchers to responsibly release vulnerabilities they find, but still publicly report that a company has a vulnerable product.

It’s worth noting that Zed Shaw, the guy who is starting this, is a legendary programmer in the world of open source web frameworks.

Link here.

Alex Eckelberry
(Thanks Matthew)