Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches.
In a significant revision to its disclosure guidelines, the vulnerability broker announced it would establish strict 30-day deadlines for critical-level bug reports resulting from flawed or incomplete patches in an intentional effort to buck a worrying trend regarding patch quality and vendor communications transparency.
Aggressive deadlines are one of the few tools available to influence software vendors. The vulnerability wholesaler typically gives companies up to 120 days to patch security vulnerabilities purchased from bug-bounty hackers.
For more such updates follow us on Google News ITsecuritywire News