The Zero Day Initiative
In the cyber community which is still a young community, many times great catchy names are used to grab attention like the Zero Day Initiative. It wasn't until my son asked me, "should I be worried about a Zero Day initiative". I asked him why? He explained it sounded scary.... So for new members of the Security Community I thought I would share what the Zero Day Initiative is.
Today, there still remains a perception by some in the information security industry that vulnerability researchers are malicious hackers looking to do harm. While there clearly are skilled malicious hackers out there, this remains a very small minority of the total number of people who actually discover new software flaws. In reality, the number of benevolent researchers with the expertise required to discover a software vulnerability is a sizeable, and fast growing group. The dissemination of publicly available vulnerability analysis and discovery tools has helped foster this group of security enthusiasts. Also, it is not uncommon for "white hat" security professionals to stumble onto a new flaw while doing their day-to-day security work.
TippingPoint has its own security research organizations via DVLabs. It made perfect sense however to augment DVLabs with the additional zero day research of this growing network of "extended researchers". Our approach was the formation of the Zero Day Initiative (ZDI), launched on July 25, 2005. The main goals of the ZDI are to:
* Amplify the effectiveness of our team by creating a virtual community of skilled researchers.
*Encourage the responsible reporting of zero-day vulnerabilities through financial incentives.
*Protect TippingPoint customers from harm until the affected vendor is able to deploy a patch.
For more: https://www.zerodayinitiative.com/about/