Information Security News mailing list archives
IBM, HP, Microsoft lead patching laggards, says bug buyer
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Dec 2011 01:35:50 -0600 (CST)
http://www.computerworld.com/s/article/9222829/IBM_HP_Microsoft_lead_patching_laggards_says_bug_buyer

By Gregg Keizer
Computerworld
December 19, 2011

IBM, Hewlett-Packard (HP) and Microsoft led the list of companies that failed to patch vulnerabilities within six months of being notified by the world's biggest bug bounty program, according to HP TippingPoint's Zero-Day Initiative (ZDI).
During 2011, TippingPoint -- a division of HP -- released 29 "zero-day" advisories that provided information on vulnerabilities it had reported to vendors six or more months earlier. Ten of the 29 were bugs in IBM software, six in HP's own software and five were in Microsoft products.
Other companies on the list of late-to-patch vendors included CA, Cisco and EMC.
TippingPoint, which may be best known as the sponsor of the annual Pwn2Own hacking contest, buys vulnerabilities from independent security researchers, privately reports them to vendors and then uses the information to craft defenses for its own line of security appliances.
[...]