Careers & Certifications

06:10 PM
Connect Directly
RSS
E-Mail
50%
50%

TippingPoint Posts List Of Upcoming Bugs

TippingPoint marks the first anniversary of its bug bounty program by posting a list of more than two-dozen unpatched flaws.

TippingPoint on Monday marked the first anniversary of its bug bounty program by posting a list of more than two-dozen unpatched flaws in software made by such big name developers as Adobe, Apple, Microsoft, Sun, and Symantec.

An arm of 3com, TippingPoint debuted its Zero Day Initiative (ZDI) in July 2005 as the second ongoing bounty program; iDefense, now part of VeriSign, was the first. Since then, the Austin, Texas security company's ZDI has posted advisories on 30 vulnerabilities that were subsequently patched.

Its new list, however, is a departure for TippingPoint. "Over the past year, the most resounding suggestion from our ZDI researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero-day vulnerabilities," said David Endler, director of security research, in a statement.

Of the 22 ZDI-discovered and reported vulnerabilities on TippingPoint's list, 6 are for Microsoft products; 3 for Novell; and 2 each for Symantec, Apple, and Computer Associates. Other vendors represented include Citrix, IBM, and Adobe. Some of the flaws were reported to the appropriate vendor as long ago as 306 days, while 6 were only 14 days "old."

Six other vulnerabilities have been found by TippingPoint's own researchers, and at least one more will be posted to the list later this week.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Hot Topics
7
Have You Hugged Your Sysadmin Today?
Susan Fogarty, Editor in Chief,  7/25/2014
6
Cisco Certifications Confront Changing Skills Needs
Ethan Banks, Senior Network Architect,  7/30/2014
1
IT Budgets Up In 2015, Hiring Tepid
Robert Mullins 7/25/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
Video
Slideshows
Twitter Feed