Tippingpoint Releases Details on Unpatched Bugs
Tippingpoint, which operated the "Zero Day Initiative" bug bounty program released 22 vulnerabilities for which no patch is available [1]. Last year, Tippingpoint announced that they will release details 180 days after they are aware of a bug, even if the vendor has not yet released a patch.
The details released include a one paragraph description of the vulnerability, which in itself is usually not enough to come up with an exploit, but it may provide a pointer to re-discover the vulnerability.
[1] http://www.zerodayinitiative.com/advisories/published/
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Keywords: tippingpoint zdi
0 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments