HP has enhanced the TippingPoint Zero Day Initiative (ZDI) that calls for the publishing of vulnerability advisories no later than six months after flaws are detected and submitted to the program. The new policy is aimed at enforcing deadline to help eliminate vulnerabilities in vendor software by releasing details of the vulnerabilities so end-users can take precautionary measures. By establishing a deadline, ZDI is encouraging vendors to fix affected software quickly, reducing the risk of potential security attacks through identified weaknesses in these applications. .
ZDI, managed by HP TippingPoint, is a research program designed to improve security by identifying software flaws that lead to cyber attacks and security breaches. This policy update makes ZDI one of the first vendor-agnostic research organizations to impose a time limit on vulnerability disclosure cycles.
The new policy also enables HP to easily keep its TippingPoint clients’ systems up to date and protected from the latest security exploits. Once vulnerabilities are validated by ZDI, HP TippingPoint’s Digital Vaccine Labs (DVLabs) immediately develops a filter to provide protection from threats targeted at that weakness. This process enables HP TippingPoint Intrusion Prevention System (IPS) clients to more quickly harden their networks against security attacks.
”Comprehensive protection of critical data assets requires organizations to keep their defenses up to date as malicious activity reaches new levels and applications become more complex,” said Aaron Portnoy, manager, Security Research, TippingPoint, HP. “This policy change is critical for staying ahead of threats so users can reduce data, financial and productivity loss.”
More information about HP TippingPoint solutions is available at www.hp.com/go/networking.