3Com Rewards 'Responsible' Disclosure Of Security Flaws - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10:30 AM

3Com Rewards 'Responsible' Disclosure Of Security Flaws

The company is planning to reward security researchers who reveal information on newly discovered vulnerabilities.

LONDON — Data networking group 3Com is planning to reward security researchers who reveal information on newly discovered vulnerabilities as part of an initiative run by its TippingPoint division.

The so called ‘Zero Day Initiative’ is aimed at ensuring the 'responsible' disclosure of security flaws in order to make technology more secure for all users. The goal is to proactively protect businesses against newly discovered vulnerabilities.

According to 3Com, many security researchers want to be recognized for their discovery, but they don't always achieve that in a responsible manner. Instead, and all too often, they post the potentially harmful information publicly, catching businesses and vendors off-guard and unprotected.

The initiative will recognize researchers for the discovery when the vulnerability is publicly disclosed with the vendor's patch.

3Com will notify affected vendors of security flaws so they can immediately begin working on a solution, most often in the form of a patch. The vulnerabilities will only be disclosed publicly once the affected vendor is able to offer a solution to end users, mitigating the threat.

Providing pre-emptive protection will be done through 3Com subsidiary TippingPoint’s Digital Vaccine service.

The company stressed it would share vulnerability details freely with other security vendors prior to public disclosure.

3Com CTO Marc Willebeek-LeMair said the initiative would ultimately benefit everyone in the industry: security and technology vendors, security researchers and end users.

Vulnerabilities enable attackers to gain control of a system for malicious purposes. They can also result in worms or Denial of Service attacks, which can bring down entire networks.

Zero day disclosure occurs when the discoverer of the vulnerability discloses the flaw to the public without notifying the vendor, putting businesses at risk from the time of disclosure until the affected vendor issues a patch. It can take vendors weeks or months to supply a patch.

David Endler, Director of Security Research for 3Com's TippingPoint division, said: "This program will extend our research organization even further, and enable us to tap some of the most brilliant minds in the global security research community.”

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
How GIS Data Can Help Fix Vaccine Distribution
Jessica Davis, Senior Editor, Enterprise Apps,  2/17/2021
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll