Tippingpoint, which operated the "Zero Day Initiative" bug bounty program released 22 vulnerabilities for which no patch is available [1]. Last year, Tippingpoint announced that they will release details 180 days after they are aware of a bug, even if the vendor has not yet released a patch. The details released include a one paragraph description of the vulnerability, which in itself is usually not enough to come up with an exploit, but it may provide a pointer to re-discover the vulnerability. [1] http://www.zerodayinitiative.com/advisories/published/ ------ |
Johannes 4068 Posts ISC Handler Feb 8th 2011 |
Thread locked Subscribe |
Feb 8th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!