Network Computing is part of the Informa Tech Division of Informa PLC

TippingPoint Posts List Of Upcoming Bugs

TippingPoint on Monday marked the first anniversary of its bug bounty program by posting a list of more than two dozen unpatched flaws in software made by such big-name developers as Adobe, Apple, Microsoft, Sun, and Symantec.

An arm of 3Com, TippingPoint debuted its Zero Day Initiative (ZDI) in July 2005 as the second ongoing bounty program; iDefense, now part of VeriSign, was the first. Since then, the Austin, Texas, security company's ZDI has posted advisories on 30 vulnerabilities that were subsequently patched.

Its new list, however, is a departure for TippingPoint. "Over the past year, the most resounding suggestion from our ZDI researchers was to add more transparency to our program by publishing the pipeline of vendors with pending zero-day vulnerabilities," said David Endler, director of security research, in a statement.

Of the 22 ZDI-discovered and reported vulnerabilities on TippingPoint's list, 6 are for Microsoft products; 3 for Novell; and 2 each for Symantec, Apple, and Computer Associates. Other vendors represented include Citrix, IBM, and Adobe. Some of the flaws were reported to the appropriate vendor as long ago as 306 days, while 6 were only 14 days "old."

Six other vulnerabilities have been found by TippingPoint's own researchers, and at least one more will be posted to the list later this week.
