None of the information is useful to malicious hackers. Rather, as rival eEye Digital Security Inc has done for the last couple of years, ZDI is merely disclosing the name of the vendor and a counter that times how long it has been since the vendor was notified.

This kind of disclosure mainly has the effect of bolstering the ZDI’s profile as a finder of vulnerabilities, and of causing some minor embarrassment to the vendors.

A company by the name of Marshal comes off looking worst on the current list, having failed to patch a vulnerability for 306 days.

Microsoft gets six of the 29 entries on the list, with waiting periods of between 41 and 210 days, and counting, since the vulnerabilities were disclosed. CA, Symantec, Verity, Sun, IBM, Apple, Novell, WinZip, Citrix and AOL are also listed.

The ZDI sees 3Com pay for vulnerability information from independent hackers. By definition, some of these vulnerabilities are known to people outside of 3Com.