Monday, August 28, 2006

TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws

Ryan Naraine writes on eWeek:

A security company that pays hackers for information on software exploits and flaws plans to release a list of 29 unpatched flaws in products sold by a host of big-name vendors, including Microsoft, IBM, Apple Computer and Novell.

The Aug. 28 disclosure from TippingPoint's ZDI (Zero Day Initiative) flaw bounty program is a significant change to the way the 3Com-owned company has handled the disclosure of vulnerability data it buys from external researchers.

Instead of waiting for software makers to issue patches, TippingPoint will announce the flaw purchase in bare-bones advisories at the time the issue is reported to the vendor.

More here.

0 Comments:

Post a Comment

<< Home