Our Mission
Trend ZDI was created in 2005 to encourage the reporting of 0-day vulnerabilities privately to affected vendors by financially rewarding researchers. At the time, some in the information security industry perceived those who discovered vulnerabilities as malicious hackers with harmful intentions. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who discover new software flaws.
Incorporating the global community of independent researchers also augments our internal research organizations with additional zero-day research and exploit intelligence. This approach coalesced with the formation of Trend ZDI. The main goals of Trend ZDI are to:
- Amplify team efficacy by creating a virtual community of skilled researchers.
- Encourage responsible reporting of zero-day vulnerabilities through financial incentives.
- Protect Trend Micro customers from harm until the affected vendor is able to deploy a patch.
Today, Trend ZDI represents the world’s largest vendor-agnostic bug bounty program. Our approach to the acquisition of vulnerability information differs from that of other programs. No technical details concerning the bugs are released publicly until the vendor mitigates the issue. This approach enables Trend to extend its internal research teams by leveraging the methodologies, expertise and time of external researchers while protecting customers as affected vendors work on a patch.
Independent researchers from around the globe provide us with exclusive information about unpatched vulnerabilities. Our internal researchers and analysts validate the issue in our security labs and make a monetary offer to the researcher. If the researcher accepts the offer, a payment will be promptly made. Submitting through Trend ZDI eliminates the need for researchers to track bugs with vendors. We make every effort to work with vendors to ensure they understand the technical details and severity of a reported security flaw, which leaves researchers free to find other bugs.