Security firm reveals zero day vulnerabilities online

News

Security firm reveals zero day vulnerabilities online

Tash Shifrin

Security firm TippingPoint has announced that it will reveal information about unpatched “zero day” vulnerabilities online.

The firm, a subsidiary of 3Com, said it  would not publish technical details of bugs or name specific affected products, in order to protect users of the product who may be exposed to attacks.

But Tipping Point’s Zero Day Initiative website will list the names of vulnerable products’ vendors, the dates on which the security firm reported any threat to the vendor and the severity level of the threat.

The Zero Day Initiative was launched by TippingPoint last year. Under the scheme, bounty payments are offered to researchers who report software vulnerabilities, if they are validated by 3Com’s security laboratories.

The new move to reveal the existence of unpatched flaws is aimed at encouraging affected vendors to patch their products speedily.

The www.zerodayinitiative.com site now carries details of 28 unpatched vulnerabilities that are yet to be publicly disclosed. Eight affect Microsoft products.

David Endler, director of security research for TippingPoint, said: “Over the past year, the most resounding suggestion from our Zero Day Initiative researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero day vulnerabilities.”

 

Vote for your IT greats

Who have been the most influential people in IT in the past 40 years? The greatest organisations? The best hardware and software technologies? As part of Computer Weekly’s 40th anniversary celebrations, we are asking our readers who and what has really made a difference?

Vote now at: www.computerweekly.com/ITgreats


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy