Security firm reveals zero day vulnerabilities online

Security firm TippingPoint has announced that it will reveal information about unpatched “zero day” vulnerabilities online.

Security firm TippingPoint has announced that it will reveal information about unpatched “zero day” vulnerabilities...


The firm, a subsidiary of 3Com, said it  would not publish technical details of bugs or name specific affected products, in order to protect users of the product who may be exposed to attacks.

But Tipping Point’s Zero Day Initiative website will list the names of vulnerable products’ vendors, the dates on which the security firm reported any threat to the vendor and the severity level of the threat.

The Zero Day Initiative was launched by TippingPoint last year. Under the scheme, bounty payments are offered to researchers who report software vulnerabilities, if they are validated by 3Com’s security laboratories.

The new move to reveal the existence of unpatched flaws is aimed at encouraging affected vendors to patch their products speedily.

The site now carries details of 28 unpatched vulnerabilities that are yet to be publicly disclosed. Eight affect Microsoft products.

David Endler, director of security research for TippingPoint, said: “Over the past year, the most resounding suggestion from our Zero Day Initiative researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero day vulnerabilities.”


Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at:



Enjoy the benefits of CW+ membership, learn more and join.

Read more



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: