HP's TippingPoint ZDI to set a vulnerability disclosure deadline of six months

News by SC Staff

HP TippingPoint is to update its initiative program to improve security for clients.

HP TippingPoint is to update its initiative program to improve security for clients.

It is now calling for the publication of vulnerability advisories no later than six months after flaws are detected and submitted to the program. After this period, the Zero-Day Initiative (ZDI) will publicly release limited details of the vulnerabilities so end-users can take precautionary measures.

It claimed that by establishing a deadline, ZDI is encouraging vendors to fix affected software quickly, reducing the risk of potential security attacks through identified weaknesses in these applications.

Aaron Portnoy, manager of security research at HP TippingPoint, said: “Comprehensive protection of critical data assets requires organisations to keep their defences up-to-date as malicious activity reaches new levels and applications become more complex. This policy change is critical for staying ahead of threats so users can reduce data, financial and productivity loss.”

It also claimed that the policy change also makes it easier to keep its TippingPoint clients' systems up-to-date and protected from the latest security exploits. Once vulnerabilities are validated by ZDI, HP TippingPoint's Digital Vaccine Labs immediately develops a filter to provide protection from threats targeted at that weakness. According to the company, this process enables its intrusion prevention system clients to more quickly harden their networks against security attacks.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews