To be your most resilient, your security vendor must have the breadth and depth of vulnerability knowledge necessary to detect both known and unknown threats. Omdia, a global research leader that aims to enable organisations to make informed technology choices, recently released the 2021 edition of Quantifying the Public Vulnerability Market.
This report examines the disclosure output of 11 vendors by cross-referencing vendor data against information published by various government agencies, such as MITRE, the National Institute of Standards and Technology (NIST), and the United States Computer Emergency Response Team Coordination Centre (US CERT/CC). Through comparative analysis and research, Omdia provides metrics to gauge the severity of the vulnerabilities and to show which vendor disclosed them.
By the numbers
Trend Micro™ Zero Day Initiative™ (ZDI) accounted for 60.5% of the vulnerabilities disclosed in a new Omdia study. The ZDI maintains its position as the world’s largest vendor-agnostic bug bounty programme for the 13th consecutive year. Trend Micro had the most disclosures across all severity levels, with 77% of its disclosures rated critical or high severity.
“The number of vulnerabilities discovered by all independent researchers totalled less than half of those offered by Trend Micro,” said Tanner Johnson, principal analyst for Omdia. “The ZDI focuses on vulnerabilities in a broad range of services, with a great deal of its effort directed toward vulnerabilities in networking and PDF software, which are critical to enterprise security.”
Omdia appraised 1,365 unique, verified vulnerabilities disclosed in 2020 claimed by the 11 vendors. Of these, ZDI disclosed 825 bugs, three times more than the next vendor, which disclosed 242. The ZDI increased its market coverage by 8.2% from the previous year, strengthening its position as industry leader even further.
Why it matters
Simply put, our advanced knowledge of so many different vulnerabilities enables us to develop new capabilities for protecting our customers faster and more effectively.
“As recent events around Microsoft Exchange Server have highlighted yet again, vulnerabilities remain at the heart of the challenge for those fighting on the frontline against threat actors,” said Brian Gorenc, senior director of vulnerability research for Trend Micro. “That’s why we remain committed to incentivising researchers to find and responsibly disclose bugs. This benefits users everywhere, and especially Trend Micro TippingPoint customers who were protected for 81 days on average before the release of a vendor patch in 2020.”
About the Zero Day Initiative
Founded in 2005, Trend Micro’s Zero Day Initiative pioneered the development of the responsible disclosure market for vulnerabilities, which leverages bug bounty rewards to incentivise researchers. The programme has reported more than 7,500 flaws to affected vendors to date. Over 10,000 researchers globally have now been paid more than $25 million in bounties.
See the entire breakdown of how Trend Micro stacks up against other security vendors in the Quantifying the Public Vulnerability Market: 2021 report by Omdia.