Join us

Is it time that VMware launched a bug bounty programme?

Published by The Stack
September 29, 2021 @ 10:34 AM

The Stack is one of the UK’s fastest growing business technology publications. Founded in late 2020 by Edward Targett, the former editor of Computer Business Review, it regularly features interviews with some of the world’s most influential digital leaders, along with think pieces, news, and business intelligence. You can follow The Stack on LinkedIn here.

Is it time that VMware launched a bug bounty programme?

 Image credit: Guilherme Stecanella, via

Find a critical pre-authentication (no login needed) exploit that lets you attack VMware’s vCentre Server and you could earn $100,000 selling it to a zero day broker like Zerodium. Do the right thing as a security researcher and report it to the software giant and you will get a big fat nothing other than the warm fuzzy glow of being a good person — because the $11 billion (by 2021 revenues) company does not run a paid bug bounty programme.

For many, doing the right thing is reward enough. Privately brokered zero days may end up being used for corporate espionage or by intelligence services; they also be more obviously abused by authoritarian states.

Posted in:CIONET UK

You May Also Like

These Stories on CIONET UK

Subscribe by Email

No Comments Yet

Let us know what you think