New Omdia research proves the ZDI accounts for the most software security improvements

the leader in cybersecurity solutions, today released results from a new report by Omdia that found its Zero Day Initiative (ZDI) disclosed the most vulnerabilities in 2019. This independent research analyzed disclosures from 11 vulnerability research vendors, with the ZDI maintaining its position as the world’s largest vendor-agnostic bug bounty program for the 10th year in a row.

The ZDI’s work helps to improve product security for all users and is especially useful for Trend Micro TippingPoint customers who are protected for an average of 81 days before vendor patches are released.

“So many cyber attacks leverage unpatched vulnerabilities, allowing attackers to steal sensitive data, disrupt operations and spread damaging malware, which ultimately results in losses for victims,” said Brian Gorenc, senior director of vulnerability research for Trend Micro. “We’re proud to continue what we’ve been doing for 15 years — leading the coordinated disclosure market. Coordinated disclosure is critical in the vulnerability industry to actually improve software security, which is what we care about most.”

Omdia evaluated the activity of 11 research organizations/vendors to compile its study, Quantifying the Public Vulnerability Market, cross-referencing this data against information published by government agencies including NIST, MITRE and the US CERT/CC.

Out of a total of 1095 vulnerabilities claimed by the 11 vendors, including 14 claimed twice, Trend Micro’s ZDI accounted for 573 (52.3%), 3.5 times more than the next vendor, which disclosed 15%. This market coverage remains consistent with that of 2018, as the ZDI remains the dominant industry player.

“Trend Micro’s Zero Day Initiative continues to lead the vulnerability disclosure market, contributing not only the most bugs, but also the most dangerous exposures for business security,” said Tanner Johnson, senior analyst for Omdia. “Working with vendors that are depended on by businesses around the globe helps raise the bar for security across the board.”

Trend Micro also dominated in terms of the number of high severity vulnerabilities (56.2%) and medium severity (60.5%) it discovered and disclosed. Additionally, when analyzing the types of products targeted, a significant total of 269 PDF vulnerabilities were disclosed by all vendors last year, with 61% of the total coming from the ZDI.

Founded in 2005, Trend Micro’s ZDI changed the vulnerability disclosure market using bug bounty rewards to incentivize researchers. The ZDI is powered by over 10,000 independent researchers contributing research from many different areas of the software landscape, including business applications, operating systems, mobile, IoT and even ICS/SCADA within critical infrastructure. It has facilitated the responsible disclosure of over 7,500 vulnerabilities and paid researchers more than $25 million in bounties.

Read the full report: https://resources.trendmicro.com/rs/945-CXD-062/images/OMDIA_Public_Vulnerability_Report_July_2020.pdf.

