Before It Bytes!

ZDI Makes good on release of vuln information

Back in August the Zero Day Initiative, a program founded by HP’s TippingPoint, announced that they would be making changes to their process due to vulnerabilities which  seemed to hang around forever. Because the timeline for disclosure of vulnerabilities had been controlled by the vendors, some appear to drag their feet on patching them. Anyone who has seen the Stack of Shame over on HNN knows what they mean. To avoid this, the ZDI implemented a six month deadline, after which details of the vulnerability would be publicly disclosed.

Well, the six month birthday has hit for some vulnerabilities, and the ZDI has started releasing the information on vulnerabilities for some big name vendors such as Microsoft, CA, Novell, SCO and even TippingPoint’s parent, HP.

The details are available over at TippingPoint’s DVLabs blog.

One Response to ZDI Makes good on release of vuln information

  1. Space Rogue says:

    Note: there are still 10 vulnerabilities that have not dropped, even though they are past the 6 month time limit. Waiting on ZDI.

    – SR

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.