Security firm TippingPoint has announced that it will reveal information about unpatched “zero day” vulnerabilities online.
The firm, a subsidiary of 3Com, said it would not publish technical details of bugs or name specific affected products, in order to protect users of the product who may be exposed to attacks.
But TippingPoint’s Zero Day Initiative website will list the names of vulnerable products’ vendors, the dates on which the security firm reported any threat to the vendor and the severity level of the threat.
The Zero Day Initiative was launched by TippingPoint last year. Under the scheme, bounty payments are offered to researchers who report software vulnerabilities, if they are validated by 3Com’s security laboratories.
The new move to reveal the existence of unpatched flaws is aimed at encouraging affected vendors to patch their products speedily.
The www.zerodayinitiative.com site now carries details of 28 unpatched vulnerabilities that are yet to be publicly disclosed. Eight affect Microsoft products.
David Endler, director of security research for TippingPoint, said: “Over the past year, the most resounding suggestion from our Zero Day Initiative researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero day vulnerabilities.”