http://www.computerworld.com/s/article/9222829/IBM_HP_Microsoft_lead_patching_laggards_says_bug_buyer

By Gregg Keizer
Computerworld
December 19, 2011

IBM, Hewlett-Packard (HP) and Microsoft led the list of companies that failed to patch vulnerabilities within six months of being notified by the world's biggest bug bounty program, according to HP TippingPoint's Zero-Day Initiative (ZDI).

During 2011, TippingPoint -- a division of HP -- released 29 "zero-day" advisories that provided information on vulnerabilities it had reported to vendors six or more months earlier. Ten of the 29 were bugs in IBM software, six in HP's own software and five were in Microsoft products.

Other companies on the list of late-to-patch vendors included CA, Cisco and EMC.

TippingPoint, which may be best known as the sponsor of the annual Pwn2Own hacking contest, buys vulnerabilities from independent security researchers, privately reports them to vendors and then uses the information to craft defenses for its own line of security appliances.

[...]

Received on Mon Dec 19 2011 - 23:35:50 PST