Trend Micro's Zero Day Initiative Celebrates 20 Years of Industry Leadership
Bug bounty program incentivizes security research to make customers and industry safer
To learn more about the Trend Zero Day Initiative™, visit: https://www.trendmicro.com/en_us/zero-day-initiative/about.html
Trend ZDI is a leader in global vulnerability research and disclosure. In 2024 it helped to responsibly disclose 73% of all vulnerabilities—more than all other participating vendors combined, according to Omdia.
The research behind these newly discovered bugs ensures that Trend customers receive virtual patches against zero-day vulnerabilities. These virtual patches are available, on average, more than two months before official vendor updates are available.
But the ZDI doesn't just benefit Trend customers. It makes the digital world safer for everyone by ensuring software flaws are fixed by vendors before threat actors can exploit them.
The program comes from humble beginnings, when it was launched in 2005 by TippingPoint, a division of 3Com. The idea was simple: financially incentivize the security research community to find zero-days in common products and responsibly disclose those to the relevant vendor so they can make their products more secure.
The now-famous Pwn2Own competition followed in 2007, offering teams of researchers an opportunity to go head-to-head against each other and the clock to find zero-days in pre-selected product categories.
Trend became the custodian of the ZDI in 2016 after acquiring TippingPoint. Today, the program boasts 450+ dedicated researchers working from 14 global threat centers, and a wider community of over 19,000 vulnerability researchers.
Highlights of the ZDI program include:
- ZDI researchers discovered that a patch for a LNK vulnerability exploited by the infamous Stuxnet worm did not work properly. Their research enabled Microsoft to issue a new patch, five years after the original
-
ZDI researchers were awarded
$125,000 from Microsoft for discovering a bypass for defensive measures Microsoft had implemented in Internet Explorer. The fee was donated to charity, but the technique was so novel it earned a patent - ZDI researcher found two zero-days in Apple's QuickTime for Windows software, prompting the tech giant to cease support for the product. ZDI led the charge to urge QuickTime customers to uninstall it
- The ZDI's work has helped to disrupt covert government operations on numerous occasions, including the Black Energy APT which has frequently targeted
Ukraine over the years - A ZDI researcher won a 2023 Pwnie for "most under-hyped research" when he discovered a whole new exploit class: activation context cache poisoning
About
View original content to download multimedia:https://www.prnewswire.com/news-releases/trend-micros-zero-day-initiative-celebrates-20-years-of-industry-leadership-302524896.html
SOURCE
