Security firm TippingPoint has announced that it will
reveal information about unpatched “zero day” vulnerabilities
online.
The firm, a subsidiary of 3Com, said it would not publish
technical details of bugs or name specific affected products, in
order to protect users of the product who may be exposed to
attacks.
But TippingPoint’s Zero Day Initiative website will list the
names of vulnerable products’ vendors, the dates on which the
security firm reported any threat to the vendor and the severity
level of the threat.
The Zero Day Initiative was launched by TippingPoint last year.
Under the scheme, bounty payments are offered to researchers who
report software vulnerabilities, if they are validated by 3Com’s
security laboratories.
The new move to reveal the existence of unpatched flaws is aimed
at encouraging affected vendors to patch their products
speedily.
The www.zerodayinitiative.com site now carries details of 28
unpatched vulnerabilities that are
yet to be publicly disclosed. Eight affect Microsoft products.
David Endler, director of security research for TippingPoint,
said: “Over the past year, the most resounding suggestion from our
Zero Day Initiative researchers was to add more transparency to our
program by publishing the pipeline of vendors with pending zero day
vulnerabilities.”