whoisgregg - 6:13 pm on Jun 24, 2008 (gmt 0)

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities. Why? It makes sense to pay someone skilled to evaluate software to find a vulnerability.

I imagine the issue here is that it's an independent company paying third parties to find vulnerabilities.

It's a bit like your neighbor paying a locksmith to check if you locked all your windows and doors and, if they find one that's open, to rummage around your house to see if you left any valuables laying around.