Information Security News mailing list archives

IBM, HP, Microsoft lead patching laggards, says bug buyer


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Dec 2011 01:35:50 -0600 (CST)

http://www.computerworld.com/s/article/9222829/IBM_HP_Microsoft_lead_patching_laggards_says_bug_buyer

By Gregg Keizer
Computerworld
December 19, 2011

IBM, Hewlett-Packard (HP) and Microsoft led the list of companies that failed to patch vulnerabilities within six months of being notified by the world's biggest bug bounty program, according to HP TippingPoint's Zero-Day Initiative (ZDI).

During 2011, TippingPoint -- a division of HP -- released 29 "zero-day" advisories that provided information on vulnerabilities it had reported to vendors six or more months earlier. Ten of the 29 were bugs in IBM software, six were in HP's own software and five were in Microsoft products.

Other companies on the list of late-to-patch vendors included CA, Cisco and EMC.

TippingPoint, which may be best known as the sponsor of the annual Pwn2Own hacking contest, buys vulnerabilities from independent security researchers, privately reports them to vendors and then uses the information to craft defenses for its own line of security appliances.

[...]

