Security firm TippingPoint has announced the results of its first Zero Day Initiative, which names and shames vendors with vulnerabilities that go unpatched for more than six months.
IBM was the biggest offender with nine vulnerabilities, followed by Microsoft with five and HP with four. Vendor-specific bug reports are now being posted on the TippingPoint blog.
Aaron Portnoy, manager of security research at TippingPoint, told V3.co.uk that the results of the first six months had been very encouraging.
The company had initially compiled 186 vulnerabilities for the list, but only 22 remained unpatched at the end of the first six months.
"Surprisingly, a lot of companies got onboard. It's been phenomenal getting the message across. Researchers are also supportive, although some said we were giving the software vendors too much time to fix flaws," Portnoy said.
Speed and efficiency in responding to flaws are helped greatly when the vendor has a security response team in place, according to Portnoy, who praised Adobe in particular for putting together a good unit, made up in part of ex-Microsoft employees.
One of the most surprising results of the Zero Day Initiative was the number of vulnerabilities that were discovered almost simultaneously. One particular flaw was discovered and reported by seven different researchers, giving a good indication that hackers will find such flaws too.
The project is necessary because it forces companies to fix flaws and lets researchers get on with finding security holes without having to deal with large companies, Portnoy explained.
"Trying to force a big vendor to do something is a power struggle. We are part of a big company. We disclose more vulnerabilities than anyone else and have the clout to force vendors to change," he said.
"Many researchers with the Zero Day Initiative are converts. They don't want to deal with vendor disclosure."