World’s largest vendor-agnostic vulnerability discovery program
DALLAS--(BUSINESS WIRE)--With threats growing in sophistication daily, quickly identifying and addressing software vulnerabilities has never been more critical. Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, was recently recognized as the leader in global threat expertise due to the strength of its vulnerability research program.
In 2016, Trend Micro Zero Day Initiative (ZDI) reported the most verified vulnerabilities, with 52.2 percent of the global total of 1,262, according to a Frost & Sullivan report.* Recognized as the global leader in vulnerability research and discovery since 2007, ZDI continues to lead the industry in the identification of high-severity and critical bugs.
Trend Micro customers benefit most from this vulnerability leadership with assured protection while potentially affected vendors develop patches for the unprotected software. In 2016, Trend Micro averaged 57 days protection ahead of a vendor patch for customers using their solutions.
This bounty-style program is a key pillar of the multifaceted Trend Micro Research, which also includes threat researchers, data scientists and a variety of labs. This research, combined with third-party intelligence, a network of white hats, honey pots, web crawlers and customer insights continuously strengthen the Trend Micro Smart Protection Network™, the cloud-based global threat intelligence that fuels all of Trend Micro’s XGen™ security solutions.
Mike Gibson, vice president of threat research for Trend Micro, said, “In April 2017, The Shadow Brokers released a number of tools that exploit flaws in numerous products - including several versions of Microsoft products. Vulnerability information for two of these are exploits were submitted through the Zero Day Initiative in 2006. This allowed customers to be protected before patches were made for those vulnerabilities.”
Gibson continued, “The conversation regarding the importance of data security may have begun in the server room, but has since been elevated to a critical boardroom discussion. Without running a cross-generational security solution, compliance regulations, customer data and a company’s brand reputation are all at risk.”
ZDI’s charter encourages the responsible disclosure of zero-day vulnerabilities to affected vendors by financially rewarding external researchers. In addition to internal vulnerability research from ZDI, vulnerabilities are bought not only through regular bounty exchanges, but also through the Pwn2Own and Mobile Pwn2Own contests. These events bring an influx of vulnerabilities to the program, encouraging responsible disclosure through the program rather than offered for sale in underground markets for malicious use. This year’s Mobile Pwn2Own event will take place November 1 and 2, in Tokyo, Japan.
“Trend Micro ZDI serves an important role as the global leader in vulnerability discovery,” said Jason Reed, Senior Industry Analyst of Frost & Sullivan. “The program encourages the responsible disclosure of bugs, facilitating vendor patching and protecting Trend Micro customers while patches are being developed. Buying and ensuring patches of so many vulnerabilities in such a wide range of platforms truly supports a safer connected experience for businesses and end users.”
To access a copy of the full report, click here.
About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With over 5,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit www.trendmicro.com.
* “Analysis of the Global Public Vulnerability Research Market, 2016.” Frost & Sullivan. July 2017.