Internet security specialist iDefense Inc. has released a reverse-engineering tool to the open-source community as part of its controversial strategy of buying the rights to information on security flaws found by underground researchers. The decision to roll out the IDA Sync tool was driven by a need to "contribute to the cycle" of making flaw-finding easier for the private individuals who participate in iDefense"s VCP (Vulnerability Contributor Program).
The 3-year-old VCP involves financial incentives to anonymous researchers who agree to give up exclusive rights to advance notification of unpublished vulnerabilities or exploit code to iDefense. Michael Sutton, director of iDefense Labs, said the wild success of the program has driven the company to release tools like IDA Sync, which is used to allow multiple analysts to synchronize their reverse-engineering efforts in real-time within the IDA Pro disassembler.