Trend Micro's Zero Day Initiative Again Named Market Leader in Public Vulnerability Disclosures

August 21, 2020 - 03:33
Trend Micro's Zero Day Initiative Again Named Market Leader in Public Vulnerability Disclosures

New Omdia research proves the ZDI accounts for the most software security improvements


HONG KONG, CHINA - Media OutReach - August 20, 2020 - Trend MicroIncorporated (TYO: 4704; TSE: 4704),theleader in cybersecurity solutions, today released results from a new report byOmdia that found its Zero Day Initiative (ZDI) disclosed the mostvulnerabilities in 2019. This independent research analyzed disclosures from 11vulnerability research vendors, with the ZDI maintaining its position as theworld's largest vendor-agnostic bug bounty program for the 10th year in a row.


TheZDI's work helps to improve product security for all users and is especiallyuseful for Trend Micro TippingPoint customers who are protected for an averageof 81 days before vendor patches are released.

"Somany cyber attacks leverage unpatched vulnerabilities, allowing attackers tosteal sensitive data, disrupt operations and spread damaging malware, whichultimately results in losses for victims," said Brian Gorenc, senior director of vulnerability researchfor Trend Micro. "We're proud to continue what we've been doing for 15years -- leading the coordinated disclosure market. Coordinated disclosure iscritical in the vulnerability industry to actually improve software security, whichis what we care about most."


Omdiaevaluated the activity of 11 research organizations/vendors to compile itsstudy, Quantifying the Public Vulnerability Market,cross-referencing this data against information published by governmentagencies including NIST, MITRE and the US CERT/CC.


Outof a total of 1095 vulnerabilities claimed by the 11 vendors, including 14claimed twice, Trend Micro's ZDI accounted for 573 (52.3%), 3.5 times more thanthe next vendor, which disclosed 15%. This market coverage remains consistentwith that of 2018, as the ZDIremains the dominant industry player.


"TrendMicro's Zero Day Initiative continues to lead the vulnerability disclosuremarket, contributing not only the most bugs, but also the most dangerousexposures for business security," said TannerJohnson, senior analyst for Omdia. "Working with vendors that aredepended on by businesses around the globe helps raise the bar for securityacross the board."


TrendMicro also dominated in terms of the number of high severity vulnerabilities(56.2%) and medium severity (60.5%) it discovered and disclosed. Additionally,when analyzing the types of products targeted, a significant total of 269 PDFvulnerabilities disclosed by all vendors last year, with 61% of the total comingfrom the ZDI.


Foundedin 2005, Trend Micro's ZDI changed the vulnerability disclosure market usingbug bounty rewards to incentivize researchers. The ZDI is powered by over10,000 independent researchers contributing research from many different areasof the software landscape, including business applications, operating systems,mobile, IoT and even ICS/SCADA within critical infrastructure. It hasfacilitated the responsible disclosure of over 7,500 vulnerabilities and paidresearchers more than $25 million inbounties.


Readthe full report:

About Trend Micro

Trend Micro Incorporated, a global leader in cybersecuritysolutions, helps to make the world safe for exchanging digital information. Ourinnovative solutions for consumers, businesses, and governments provide layeredsecurity for data centers, cloud environments, networks, and endpoints. All ourproducts work together to seamlessly share threat intelligence and provide aconnected threat defense with centralized visibility and control, enablingbetter, faster protection. With more than 6,000 employees in over 50 countriesand the world's most advanced global threat intelligence, Trend Micro securesyour connected world. For more information, visit .