Protect Your Assets

The top 3 things you need to know about ZDI

MarthaAviles ‎11-20-2013 08:42 AM - edited ‎09-25-2015 08:32 AM

The HP Zero Day Initiative (ZDI)—you’ve heard about it, you’ve read about it, but you want to know more. Here are the top 3 questions we get regarding ZDI.


What is ZDI?

The HP Zero Day Initiative (ZDI) was established in 2005 as a way for security researchers to responsibly disclose vulnerabilities in software. ZDI was among the first, most successful vendor-agnostic programs of its kind. The program accepts and responsibly discloses vulnerabilities in software used by enterprises, ranging from operating systems to SCADA applications.


ZDI gathers information from leading security researchers and promotes the early detection of new vulnerabilities by rewarding independent researchers for their work and working closely with the impacted vendor to patch the problem. The ZDI is vendor agnostic, meaning researchers have a single point of contact for submitting vulnerabilities across all major software vendors.


Today, the ZDI program bridges the gap between HP Security Research (HPSR) and HP TippingPoint Digital Vaccine (DVLabs) teams by providing detection guidance that allows HP TippingPoint products to protect customers against the latest zero-day vulnerabilities before they are disclosed to the public, which is a key differentiator in the market. In some cases, we can protect customers up to 6 months before the application vendor patches their vulnerability. As a result of this close partnership, Frost & Sullivan has named HP the Company of the Year in Vulnerability Research, Global for three consecutive years.


How does the ZDI protect customers?

Since its founding, the ZDI has disclosed more than 1,300 vulnerabilities in common, everyday software; received over 5,300 zero-day vulnerabilities into the program; and purchased over 2,000 zero-day vulnerabilities.

In 2012 alone, the ZDI program issued more than 200 security advisories to help vendors patch vulnerabilities hidden in commonly used software, including a record number of zero-day advisories (20). The team continues this pace, having already published 250 security advisories in 2013.


As a sign of enduring performance, ZDI-sourced filters continue to show up in the DVLabs weekly subscriptions, with over 29 ZDI-sourced filters in the past year. HP's research teams continue to share their expertise on our HP Security Research blog platform.


Finally, the ZDI recently held the second annual Mobile Pwn2Own contest at the PacSec Application Security Conference in Tokyo, where the world’s best researchers shared their latest mobile vulnerabilities and exploit techniques. All filters from this contest are undergoing rigorous testing and quality assurance, and will be released in our upcoming weekly Digital Vaccine package to our TippingPoint customers!


How can the ZDI help me?

HP is a leading provider of original vulnerability data, which provides coverage to our TippingPoint customers up to 6 months before the application vendor patch is created and ahead of our competition. According to Frost & Sullivan, in 2012, ZDI accounted for 24.9% of publicly reported vulnerabilities, leading all commercial vulnerability reporting organizations. HP TippingPoint DVLabs uses ZDI data to protect customers from never-before-seen threats targeting zero-day vulnerabilities.


In 2013, ZDI has been responsible for over 50% of all Microsoft Critical vulnerabilities patched to date. Since 2011, ZDI has been responsible for over 36% of Oracle Java's Critical vulnerabilities patched to date. The numbers are impressive.


To learn more about the HP Zero Day Initiative, visit the HP Security Research blog.
