Independent Omdia study finds ZDI reported 60.5% of appraised bugs in 2020
Trend Micro Incorporated, a global cybersecurity leader, announced its Zero Day Initiative (ZDI) accounted for 60.5% of the vulnerabilities disclosed in a new Omdia study. The ZDI maintains its position as the world’s largest vendor-agnostic bug bounty program for the 13th consecutive year. The ZDI had the most disclosures across all severity levels, with 77% of their disclosures being critical or high severity rating.
Recommended ITech News: WatchGuard Delivers Endpoint Security for Qualcomm Snapdragon 5G PCs
“As recent events around Microsoft Exchange Server have highlighted yet again, vulnerabilities remain at the heart of the challenge for those fighting on the frontline against threat actors,” said Brian Gorenc, senior director of vulnerability research for Trend Micro. “That’s why we remain committed to incentivizing researchers to find and responsibly disclose bugs. This benefits users everywhere, and especially Trend Micro TippingPoint customers who were protected for 81 days on average before the release of a vendor patch in 2020.”
Omdia appraised 1,365 unique, verified vulnerabilities disclosed in 2020 claimed by the 11 vendors. Of these, ZDI disclosed 825 bugs, three times more than the next vendor, which disclosed 242. The ZDI increased its market coverage by 8.2% from the previous year, strengthening its position as industry leader even further.
Recommended ITech News: Immuta Announces Universal Data Access Control for Lakehouse Architectures
The report also recognized the ZDI Research Rewards program, which, similar to frequent flyer miles from an airline, enables researchers to earn increased rewards and bonuses by continuing to work with the ZDI.
“The number of vulnerabilities discovered by all independent researchers totaled less than half of those offered by Trend Micro,” said Tanner Johnson, principal analyst for Omdia. “The ZDI focuses on vulnerabilities in a broad range of services, with a great deal of its effort directed toward vulnerabilities in networking and PDF software, which are critical to enterprise security.”
Recommended ITech News: ScyllaDB Announces Scylla Enterprise 2021 NoSQL Database
