HP announced an enhancement to the HP TippingPoint Zero Day Initiative (ZDI) that calls for the publishing of vulnerability advisories no later than six months after flaws are detected and submitted to the program.
After this period, ZDI will publicly release limited details of the vulnerabilities so end-users can take precautionary measures. By establishing a deadline, ZDI is encouraging vendors to fix affected software quickly, reducing the risk of potential security attacks through identified weaknesses in these applications.
ZDI, managed by HP TippingPoint, is a research program designed to improve security by identifying software flaws that lead to cyber attacks and security breaches. This policy update makes ZDI one of the first vendor-agnostic research organizations to impose a time limit on vulnerability disclosure cycles.
“Comprehensive protection of critical data assets requires organizations to keep their defenses up to date as malicious activity reaches new levels and applications become more complex,” said Aaron Portnoy, manager, Security Research, TippingPoint, HP. “This policy change is critical for staying ahead of threats so users can reduce data, financial and productivity loss.”