Trend Micro’s Zero Day Initiative Again Named Market Leader in Public Vulnerability Disclosures

0

New Omdia research proves the ZDI accounts for the most software security improvements

 

HONG KONG, CHINA – Media OutReach – August 20, 2020 – Trend Micro
Incorporated
(TYO: 4704; TSE: 4704),
the
leader in cybersecurity solutions, today released results from a new report by
Omdia that found its Zero Day Initiative (ZDI) disclosed the most
vulnerabilities in 2019. This independent research analyzed disclosures from 11
vulnerability research vendors, with the ZDI maintaining its position as the
world’s largest vendor-agnostic bug bounty program for the 10th year in a row.

 

The
ZDI’s work helps to improve product security for all users and is especially
useful for Trend Micro TippingPoint customers who are protected for an average
of 81 days before vendor patches are released.

“So
many cyber attacks leverage unpatched vulnerabilities, allowing attackers to
steal sensitive data, disrupt operations and spread damaging malware, which
ultimately results in losses for victims,” said Brian Gorenc, senior director of vulnerability research
for Trend Micro. “We’re proud to continue what we’ve been doing for 15
years — leading the coordinated disclosure market. Coordinated disclosure is
critical in the vulnerability industry to actually improve software security, which
is what we care about most.”

 

Omdia
evaluated the activity of 11 research organizations/vendors to compile its
study, Quantifying the Public Vulnerability Market,
cross-referencing this data against information published by government
agencies including NIST, MITRE and the US CERT/CC.

 

Out
of a total of 1095 vulnerabilities claimed by the 11 vendors, including 14
claimed twice, Trend Micro’s ZDI accounted for 573 (52.3%), 3.5 times more than
the next vendor, which disclosed 15%. This market coverage remains consistent
with that of 2018, as the ZDI
remains the dominant industry player.

 

“Trend
Micro’s Zero Day Initiative continues to lead the vulnerability disclosure
market, contributing not only the most bugs, but also the most dangerous
exposures for business security,” said Tanner
Johnson
, senior analyst for Omdia. “Working with vendors that are
depended on by businesses around the globe helps raise the bar for security
across the board.”

 

Trend
Micro also dominated in terms of the number of high severity vulnerabilities
(56.2%) and medium severity (60.5%) it discovered and disclosed. Additionally,
when analyzing the types of products targeted, a significant total of 269 PDF
vulnerabilities disclosed by all vendors last year, with 61% of the total coming
from the ZDI.

 

Founded
in 2005, Trend Micro’s ZDI changed the vulnerability disclosure market using
bug bounty rewards to incentivize researchers. The ZDI is powered by over
10,000 independent researchers contributing research from many different areas
of the software landscape, including business applications, operating systems,
mobile, IoT and even ICS/SCADA within critical infrastructure. It has
facilitated the responsible disclosure of over 7,500 vulnerabilities and paid
researchers more than $25 million in
bounties.

 

Read
the full report:

https://resources.trendmicro.com/rs/945-CXD-062/images/OMDIA_Public_Vulnerability_Report_July_2020.pdf.

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecurity
solutions, helps to make the world safe for exchanging digital information. Our
innovative solutions for consumers, businesses, and governments provide layered
security for data centers, cloud environments, networks, and endpoints. All our
products work together to seamlessly share threat intelligence and provide a
connected threat defense with centralized visibility and control, enabling
better, faster protection. With more than 6,000 employees in over 50 countries
and the world’s most advanced global threat intelligence, Trend Micro secures
your connected world. For more information, visit www.trendmicro.com.hk .