Vulnerability Wholesaler Cuts Disclosure Times Over Poor Quality Patches
ZDI, a brand owned by security firm Trend Micro, is making the move because of what it says is a “disturbing” decrease in patch quality and a rise in vague communications about patches. The impact on enterprises is that they can’t accurately estimate the risk to their systems, and they’re wasting money applying incomplete patches that are later re-released and need to be applied a second time. ZDI’s standard disclosure timeline gives software vendors 120 days to release a patch, but it’s now introducing shorter timelines for “failed patches” that it will be monitoring....