Tipping Point will make an offer to buy the bugs
Hackers who seek out loopholes in popular programs could soon get cash rewards for their finds. Security firm Tipping Point is setting up a scheme that will see it spend substantial sums to buy bugs sent in by researchers who join the project.
Those who top the scheme's rewards system could be earning $50,000 a year from their bug hunting.
Although Tipping Point is collecting the bugs, it said it would share finds with other security firms.
Points and prizes
Many small security companies make their living by exhaustively analysing popular programs, such as Microsoft Windows, for loopholes and bugs.
If these bugs go unpatched they could leave the users of these programs vulnerable to exploitation by criminal hackers. Firms regularly issue patches for critical vulnerabilities that leave customers at risk.
Tipping Point's Zero Day Initiative capitalises on the large number of security researchers trying out exploits on software and aims to pay them for their work.
Once the scheme is up and running, security researchers will be able to submit the bugs they find to Tipping Point and, if the loophole is found to be real and serious, get a cash offer for what they have found within a week.
Researchers get rewarded with points for every dollar Tipping Point spends to buy the bug. These points also mean members get further rewards and benefits including cash bonuses and free tickets and travel to key industry conferences.
Only legitimate security researchers are eligible to join the scheme. The Zero Day Initiative was announced on 25 July and will be formally launched at the Black Hat briefings due to take place in Las Vegas from 27-28 July. The Zero Day Initiative website is due to start taking registrations from 15 August.
Tipping Point is not the first security firm to offer financial rewards in return for bugs.
iDefense has run its Vulnerability Contributor Program for some time, though it offers smaller cash rewards for the bugs that are turned in to it.
Open-source browser-maker Mozilla also gives $500 and a T-shirt to those who find critical bugs in the software it makes.