Aaron Portnoy, HP: TippingPoint Updates ZDI Zero Day Initiative Program to Improve Security for Clients

August 4, 2010

An enhancement to the HP TippingPoint Zero Day Initiative (ZDI) calls for the publishing of vulnerability advisories no later than six months after flaws are detected and submitted to the program.

After this period, ZDI will publically release limited details of the vulnerabilities so end-users can take precautionary measures. By establishing a deadline, ZDI is encouraging vendors to fix affected software quickly, reducing the risk of potential security attacks through identified weaknesses in these applications.

ZDI, managed by HP TippingPoint, is a research program designed to improve security by identifying software flaws that lead to cyber attacks and security breaches. This policy update makes ZDI one of the first vendor-agnostic research organizations to impose a time limit on vulnerability disclosure cycles.

This policy change also makes it easier for HP to keep its TippingPoint clients’ systems up to date and protected from the latest security exploits. Once vulnerabilities are validated by ZDI, HP TippingPoint’s Digital Vaccine Labs (DVLabs) immediately develops a filter to provide protection from threats targeted at that weakness. This process enables HP TippingPoint Intrusion Prevention System (IPS) clients to more quickly harden their networks against security attacks.

”Comprehensive protection of critical data assets requires organizations to keep their defenses up to date as malicious activity reaches new levels and applications become more complex,” said Aaron Portnoy, manager, Security Research, TippingPoint, HP. “This policy change is critical for staying ahead of threats so users can reduce data, financial and productivity loss.”