Trend Micro Zero Day Initiative™ Sheds Light on Software Vulnerabilities: Customers Protected up to 70 Days Before Patches
ZDI pays over
One of the biggest challenges for organizations in managing cyber risk is dealing with the volume of emerging threats against available security resources. Software companies and electric vehicle (EV) manufacturers must triage and prioritize what vulnerabilities they fix, leading to an all-time high of known but unpatched problems. While the industry average time to respond and protect sits above 70 days, ZDI research enables protection for Trend customers almost immediately.
Key highlights from Pwn2Own
- Researchers disclosed 29 unique 0-day vulnerabilities and earned
$1,132,500 in prizes - All major web browsers were compromised during the event
- The Tesla Model 3 ECU was hacked with an over-the-air exploit
- Researchers demonstrated the first ever Docker escape (when an attacker is able to break out of a container and gain access to the host system) at Pwn2Own
Disclosures made to the ZDI by researchers at Pwn2Own and independently year-round allow software developers to learn about vulnerabilities before cybercriminals find them. While this ultimately benefits enterprises, supply chains, infrastructure, and customers, ZDI research has shown that vendors are increasingly neglecting to respond to disclosures in a timely manner.
When vulnerabilities are discovered, enterprises and cybersecurity vendors simply have to wait for a patch to be released. In-depth threat awareness generated by Pwn2Own enables Trend to protect its customers with virtual patches to ensure there is no lapse in protection. This applies to over 1,000 vulnerabilities per year directly attributed to disclosure through the ZDI.
Discovering and mitigating vulnerabilities in the real world has a direct correlation to reducing cyber risk across the board. Security teams at organizations of all sizes are increasingly overwhelmed by threats that exceed their purview, which can include threats to office equipment, industrial equipment, connected vehicles and EVs, and employees' home office devices such as smartphones, NAS devices, cameras, printers, routers and personal vehicles.
Pwn2Own pays bounties to researchers for the responsible discovery and disclosure of vulnerabilities in software and hardware that billions of people rely on daily. This research improves Trend's industry-leading threat intelligence and uncovers new software exploitation techniques. The contest also pushes the industry forward in the fight against cybercrime.
Follow @TheZDI for more info on upcoming Pwn2Own events and the latest threat research.
About Trend
View original content to download multimedia:https://www.prnewswire.com/news-releases/trend-micro-zero-day-initiative-sheds-light-on-software-vulnerabilities-customers-protected-up-to-70-days-before-patches-302105451.html
SOURCE