3Com Launches Revolutionary Vulnerability Discovery Program, Setting The Clock Back On Zero Day Attacks

MALBOROUGH, Mass. July 25, 2005 – 3Com and its TippingPoint division today announced the formation of the Zero Day Initiative (ZDI), aimed at ensuring the responsible disclosure of security flaws, also known as vulnerabilities, in order to make technology more secure for users. The goal of the zero day initiative is to proactively protect businesses as soon as possible against newly discovered vulnerabilities.

As part of the program, 3Com will reward security researchers who responsibly reveal information on newly discovered vulnerabilities, as opposed to publicly posting the potentially harmful information, catching businesses and vendors off-guard and unprotected. 3Com will notify affected vendors of security flaws so they can immediately begin working on a solution, most often in the form of a patch. The vulnerabilities will only be disclosed publicly by 3Com once the affected vendor is able to offer a solution to end users, mitigating the threat. 3Com will also use the information to provide preemptive protection to customers through its TippingPoint Digital Vaccine® service. Additionally, 3Com plans to share vulnerability details freely with other security vendors prior to public disclosure.

“Through this program, we seek to ensure that newly discovered vulnerabilities are managed, disclosed and remediated responsibly, so they don’t pose a threat to businesses,” said 3Com Chief Technology Officer Marc Willebeek-LeMair. “The sooner we have information about a vulnerability, the sooner we can deliver protection to our customers. Ultimately, this benefits everyone: security and technology vendors, security researchers, end users, as well as 3Com and its TippingPoint division customers.”

Vulnerabilities enable attackers to gain control of a system for malicious purposes. They can also result in worms or Denial of Service attacks, which can bring down entire networks. Zero day disclosure occurs when the discoverer of the vulnerability discloses the flaw to the public without notifying the vendor, putting businesses at risk from the time of disclosure until the affected vendor issues a patch. It can take vendors weeks or months to supply a patch.

Intrusion Prevention Systems (IPS), like TippingPoint’s, are one of the few methods of proactive protection. In addition to reducing industry-wide security risks, obtaining advanced information on vulnerabilities enables 3Com to offer its TippingPointTM IPS customers even more preemptive protection than currently provided through the TippingPoint Digital Vaccine update service.

“Our world-class security research team is already on the forefront of the industry, well ahead of the game when it comes to providing advanced vulnerability protection,” said David Endler, Director of Security Research for 3Com’s TippingPoint division. “This program will extend our research organization even further, and enable us to tap some of the brilliant minds in the global security research community. Prior to the availability of a vendor-supplied solution or patch, our customers will be protected against threats they aren’t even aware of through our Digital Vaccine service.”

Many security researchers want to be recognized for their discovery, but they don’t always achieve that in a responsible manner. With this program, the researcher is recognized for the discovery when the vulnerability is publicly disclosed with the vendor’s patch.

“3Com’s initiative is a positive step for the industry,” said In-Stat Research Analyst Victoria Fodale. “Viruses or worms that take advantage of vulnerabilities that vendors are not yet aware of can be devastating to an organization. Both vendors and customers stand to benefit from this program. 3Com and its TippingPoint division are to be commended for taking this leadership position.”

For more information, please visit www.zerodayinitiative.com.

About TippingPoint, a division of 3Com
TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.

About 3Com Corporation
3Com Corporation (NASDAQ: COMS) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection for corporate enterprises, government agencies, service providers and academic institutions. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.