SVCRP Status Update and Winners

By Carsten Eiram

SVCRP was introduced at the beginning of November 2011, and the number of submissions received in that short timespan has greatly exceeded our expectations, as has the positive feedback.

Creating an initiative to provide researchers with third-party confirmation of their discoveries and help them coordinate these does result in additional work on our end. It is certainly worth it, though, when the response to the initiative is so positive. I'd like to give a big thank you for the positive feedback and especially to all the researchers who have used SVCRP to make coordination of their vulnerabilities so much easier.

Even though the number of received vulnerability reports has been immense, we have strived to deliver a quick turnaround to researchers from the time a vulnerability report is received to the time the details are confirmed and the vendor contacted. I find that we have been quite successful at that as our average time to confirm researchers' discoveries and contact the vendors on their behalf has been just a bit longer than two business days. Therefore, a big thank you to my team for their extremely efficient handling of the SVCRP submissions.

Anyway, now to the most important part of this blog: The two winners of our "Most Valued Contributor 2011" and "Most Interesting Coordination Report 2011" awards, who both – apart from some merchandise showing their achievements – receive paid hotel accommodation and entrance to an IT Security Conference of their choice from some of the world's most popular conferences including Black Hat Las Vegas.

The winner of "Most Valued Contributor 2011" is: Tielei Wang, who was extremely active in the last two months of 2011 and has been consistently providing accurate and highly detailed vulnerability reports with complete analysis of each vulnerability's core problem. This is not something we see very often in this industry, but we would certainly like to see more of it as it makes it extremely fast to confirm the reported vulnerabilities and core problems.

The winner of "Most Interesting Coordination Report 2011" is: Parvez Anwar, who proved that it sometimes does pay to do some last minute vulnerability research as his report came in on the last business day of 2011. As the vulnerability is currently being coordinated with the affected vendors, we cannot provide more information at this time.

Congratulations to both Tielei Wang and Parvez Anwar for their excellent research efforts. We will be contacting both winners shortly with more information.

We will also soon provide various minor rewards to some other researchers who have coordinated via SVCRP and somehow distinguished themselves based on, e.g., number of coordinated discoveries, quality of reports, and popularity of affected products.

During 2012 we will continue to focus on making both this program and the rewards even better, so stay tuned.

Stay Secure,

Carsten Eiram
Chief Security Specialist