What is the Zero Day Initiative?
Dubai, United Arab Emirates: Today, there remains a perception within the information security industry that vulnerability researchers are malicious hackers looking to do harm. While there clearly are malicious people out there, they remain a small minority of the total number of those who actually discover new software vulnerabilities. In reality, the number of benevolent researchers with the expertise required to discover a software vulnerability is a sizeable and growing population. The dissemination of publicly available vulnerability analysis and discovery tools has helped foster this group of security enthusiasts. Also, it is not uncommon for “white hat” security professionals to stumble onto a new flaw while doing their day-to-day security work.
While our own researchers find many vulnerabilities on their own, it made sense to augment their efforts by leveraging the methodologies, expertise, and time of others through the Zero Day Initiative (ZDI). To accomplish this, we encouraged the reporting of zero-day vulnerabilities by financially rewarding researchers. Those who discover 0-day (i.e. previously unknown) bugs can submit them to the ZDI program and receive monetary compensation for doing so. As a researcher discovers and provides additional research, bonuses and rewards can increase through a loyalty program similar to a frequent flier program.
Once the bug is confirmed by our researchers, teams work to develop filters for the report so that customers of TippingPoint remain protected while the bug is being corrected by the vendor. The ZDI then discloses the information about the bug to the affected vendor so that they can build and distribute a security patch. Once a patch is ready from the affected vendor, ZDI researchers work collaboratively with the vendor to notify the public of the vulnerability through a joint advisory that provides full credit to the originating researcher, unless the researcher chooses to remain anonymous.
Our disclosure policy reassures researchers and customers that the reported bug will not be “swept under the rug” by the vendor. It also reassures product vendors that there is a professional and standard set of guidelines they can expect to be utilized throughout the disclosure process. This policy and our process have continued for over 10 years and resulted in the ZDI program becoming the world’s largest vendor-agnostic bug bounty program. In that time, the ZDI has had a tremendous positive effect in securing the landscape by bringing researchers and vendors together and setting the standard for coordinated disclosure. In all, more than 3,500 0-days have been patched through the program.
As we move forward, we expect the vulnerability market to evolve as more and more vendors announce their own programs to incentivize research. We also anticipate regulations and legislation to impact the nature of disclosure, and not necessarily in a positive manner. While we evolve as the industry evolves, our goal continues to be finding and disclosing security bugs in popular software, working with independent researchers from around the globe, and reporting these findings to the vendors so they can fix things in a timely manner. It might not always be easy, but it will continue to be worth doing.