Independent Omdia study finds ZDI reported 60.5% of appraised bugs in 2020
HONG KONG SAR – Media OutReach – 27 May 2021 – Trend Micro, a global
cybersecurity leader, today announced its Zero Day Initiative (ZDI)
accounted for 60.5% of the vulnerabilities disclosed in a new Omdia study. The
ZDI maintains its position as the world’s largest vendor-agnostic bug bounty
program for the 13th consecutive year. The ZDI had the most
disclosures across all severity levels, with 77% of its disclosures rated
critical or high severity.
The analyst firm’s independent report, Quantifying the
Public Vulnerability Market: 2021 Edition, offers a comprehensive
comparative analysis of 11 of the world’s most prolific security research and
vulnerability disclosure organizations. The full report is available at: https://resources.trendmicro.com/rs/945-CXD-062/images/Omdia_Vulnerability-Project-Whitepaper.pdf
“As recent
events around Microsoft Exchange Server have highlighted yet again,
vulnerabilities remain at the heart of the challenge for those fighting on the
frontline against threat actors,” said Brian Gorenc, senior director of
vulnerability research for Trend Micro. “That’s why we remain committed to
incentivizing researchers to find and responsibly disclose bugs. This benefits
users everywhere, and especially Trend Micro TippingPoint customers who were
protected for 81 days on average before the release of a vendor patch in 2020.”
Omdia
appraised 1,365 unique, verified vulnerabilities disclosed in 2020 claimed by
the 11 vendors. Of these, ZDI disclosed 825 bugs, three times more than the
next vendor, which disclosed 242. The ZDI increased its market coverage by 8.2%
from the previous year, strengthening its position as industry leader even
further.
The report
also recognized the ZDI Research Rewards program, which, similar to frequent
flyer miles from an airline, enables researchers to earn increased rewards and
bonuses by continuing to work with the ZDI.
“The number
of vulnerabilities discovered by all independent researchers totaled less than
half of those offered by Trend Micro,” said Tanner Johnson, principal analyst
for Omdia. “The ZDI focuses on vulnerabilities in a broad range of services,
with a great deal of its effort directed toward vulnerabilities in networking
and PDF software, which are critical to enterprise security.”
Founded in
2005, Trend Micro’s ZDI pioneered the development of the responsible disclosure
market for vulnerabilities, which leverages bug bounty rewards to incentivize
researchers. The program has reported more than 7,500 flaws to affected vendors
to date. Over 10,000 researchers globally have now been paid more than $25
million in bounties.