HP TippingPoint gives deadline to vendors
By Ian McCollister | August 5, 2010 10:51 PM EST
HP TippingPoint, the world's biggest bug bounty program, says that it will impose a six-month deadline on vendors. The security initiative, says that it would release vulnerability information, even if a patch has not been released.
"We're going to be enforcing a six-month deadline as general policy," said Aaron Portnoy, head of HP TippingPoint's security research team.
The move is a major development for TippingPoint's Zero Day Initiative (ZDI). ZDI, which purchases vulnerability reports from independent security researchers and then privately reports them to vendors to help tailor defenses for security appliances, had a policy of indefinitely withhold information on a vulnerability. The initiative would only publish its information after a patch had been issued.
ZDI will now give vendors six months to get a patch ready. Bugs in ZDI's queue were given a deadline that expires in six months: Feb. 4, 2011.
If by the deadline for a fix is not ready, ZDI will issue an advisory on the vulnerability, as well as any solutions the initiative can formulate.
As of the moment, ZDI is holding information on 31 critical bugs. The initiative reported the problems to vendors a year ago or longer.
To contact the editor, e-mail:
Join the Conversation
- Russia Is Ready for Shooting War, Will Likely Win Looming Nuclear Showdown with U.S. – Report
- Microsoft Band Runs Out Of Stock, But Offers $10 Gift Voucher To Wait-Listed Customers
- Black Friday And Cyber Monday Sale 2014: AT&T's Cricket Wireless Offers Discounts On Lumia 1320, Galaxy S5, S4 And HTC Desire 510
- Google Joins Forces with GoPro Inc with New Google Maps Focusing on Destination
- Target Early Black Friday 2014 Sale Ad Released For Nov. 26, 2014 Includes Deals On Toys, HDTVs And Video Games Such As ‘FIFA 15’ And ‘NHL 15’ For Xbox 360 [WATCH VIDEO]
- 16GB iPhone 6 for $99 at Sam’s Club is the Best 2014 Black Friday Deal Around
- Lumia Update Will Come Soon Confirms Microsoft