TippingPoint wants to turn hackers into bounty hunters. No, they’re not going to send a geek squad to Navy SEAL training camp or trade their Xboxes for AK-47s; they’re going to pay hackers for vital information.

3Com’s security group, TippingPoint, announced a plan today to pay hackers to report vulnerabilities to head off so-called zero day attacks. Zero day attacks are attacks that occur on the same day a software vulnerability is announced.

TippingPoint’s new “Zero Day Initiative” asks researchers and hackers to report vulnerabilities. If a valid bug is found, TippingPoint will notify the software manufacturer as well as update its security products to protect users against exploitation of the flaw. TippingPoint, which was recently acquired by 3Com, sells intrusion prevention systems.

“We are offering a legitimate way for hackers to report vulnerabilities,” said David Endler, director of security research at TippingPoint. “We believe this is a responsible way to help find and eliminate what could be very damaging vulnerabilities,” he said.

According to Endler, many security researchers want to be recognized for their discoveries, but often do so by posting potentially harmful information publicly, leaving businesses and vendors vulnerable to attack. Endler said TippingPoint will notify affected vendors of security flaws so they can begin working on a solution. The vulnerabilities will only be disclosed publicly once the affected vendor is able to offer a solution, he said. TippingPoint will also notify other security vendors of the flaws prior to public disclosure, he added.

Other companies, such as iDefense, also offer money for vulnerabilities, which they then pass on to their customers. iDefense was recently acquired by VeriSign.