TippingPoint's 'Zero-Day Initiative' to Publish Unpatched Flaws

["Fergie" <fergdawg () netzero net>]

Via eWeek.

[snip]

A security company that pays hackers for information on software
exploits and flaws plans to release a list of 29 unpatched flaws in
products sold by a host of big-name vendors, including Microsoft, IBM,
Apple Computer and Novell.

The Aug. 28 disclosure from TippingPoint's ZDI (Zero Day Initiative)
flaw bounty program is a significant change to the way the 3Com-owned
company has handled the disclosure of vulnerability data it buys from
external researchers.

Instead of waiting for software makers to issue patches, TippingPoint
will announce the flaw purchase in bare-bones advisories at the time
the issue is reported to the vendor.

[snip]

More:
http://www.eweek.com/article2/0,1759,2009403,00.asp

And:
http://www.zerodayinitiative.com/upcoming_advisories.html

Enjoy. :-)

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.