Trend Micro's Zero Day Initiative Again Named Market Leader in Public Vulnerability Disclosures

New Omdia research proves the ZDI accounts for the most software security improvements

DALLAS, Aug. 17, 2020 /PRNewswire/ -- Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today released results from a new report by Omdia that found its Zero Day Initiative (ZDI) disclosed the most vulnerabilities in 2019. This independent research analyzed disclosures from 11 vulnerability research vendors, with the ZDI maintaining its position as the world's largest vendor-agnostic bug bounty program for the 10th year in a row.

The ZDI's work helps to improve product security for all users and is especially useful for Trend Micro TippingPoint customers who are protected for an average of 81 days before vendor patches are released.

"So many cyber attacks leverage unpatched vulnerabilities, allowing attackers to steal sensitive data, disrupt operations and spread damaging malware, which ultimately results in losses for victims," said Brian Gorenc, senior director of vulnerability research for Trend Micro. "We're proud to continue what we've been doing for 15 years – leading the coordinated disclosure market. Coordinated disclosure is critical in the vulnerability industry to actually improve software security, which is what we care about most."

Omdia evaluated the activity of 11 research organizations/vendors to compile its study, Quantifying the Public Vulnerability Market, cross-referencing this data against information published by government agencies including NIST, MITRE and the US CERT/CC.

Out of a total of 1095 vulnerabilities claimed by the 11 vendors, including 14 claimed twice, Trend Micro's ZDI accounted for 573 (52.3%), 3.5 times more than the next vendor, which disclosed 15%. This market coverage remains consistent with that of 2018, as the ZDI remains the dominant industry player.

"Trend Micro's Zero Day Initiative continues to lead the vulnerability disclosure market, contributing not only the most bugs, but also the most dangerous exposures for business security," said Tanner Johnson, senior analyst for Omdia. "Working with vendors that are depended on by businesses around the globe helps raise the bar for security across the board."

Trend Micro also dominated in terms of the number of high severity vulnerabilities (56.2%) and medium severity (60.5%) it discovered and disclosed. Additionally, when analyzing the types of products targeted, a significant total of 269 PDF vulnerabilities disclosed by all vendors last year, with 61% of the total coming from the ZDI.

Founded in 2005, Trend Micro's ZDI changed the vulnerability disclosure market using bug bounty rewards to incentivize researchers. The ZDI is powered by over 10,000 independent researchers contributing research from many different areas of the software landscape, including business applications, operating systems, mobile, IoT and even ICS/SCADA within critical infrastructure. It has facilitated the responsible disclosure of over 7,500 vulnerabilities and paid researchers more than $25 million in bounties.

For more information and to read the full report, please visit: https://resources.trendmicro.com/rs/945-CXD-062/images/OMDIA_Public_Vulnerability_Report_July_2020.pdf.