Careers & Certifications

06:10 PM
Connect Directly
RSS
E-Mail
50%
50%

TippingPoint Posts List Of Upcoming Bugs

TippingPoint marks the first anniversary of its bug bounty program by posting a list of more than two-dozen unpatched flaws.

TippingPoint on Monday marked the first anniversary of its bug bounty program by posting a list of more than two-dozen unpatched flaws in software made by such big name developers as Adobe, Apple, Microsoft, Sun, and Symantec.

An arm of 3com, TippingPoint debuted its Zero Day Initiative (ZDI) in July 2005 as the second ongoing bounty program; iDefense, now part of VeriSign, was the first. Since then, the Austin, Texas security company's ZDI has posted advisories on 30 vulnerabilities that were subsequently patched.

Its new list, however, is a departure for TippingPoint. "Over the past year, the most resounding suggestion from our ZDI researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero-day vulnerabilities," said David Endler, director of security research, in a statement.

Of the 22 ZDI-discovered and reported vulnerabilities on TippingPoint's list, 6 are for Microsoft products; 3 for Novell; and 2 each for Symantec, Apple, and Computer Associates. Other vendors represented include Citrix, IBM, and Adobe. Some of the flaws were reported to the appropriate vendor as long ago as 306 days, while 6 were only 14 days "old."

Six other vulnerabilities have been found by TippingPoint's own researchers, and at least one more will be posted to the list later this week.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
18
IT Hiring: Social Media Matters
Marcia Savage, Managing Editor, Network Computing,  8/27/2014
5
How To Survive In Networking
Susan Fogarty, Editor in Chief,  8/28/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed