Trend Micro's ZDI Looks to Acquire More Vulnerabilities in 2019

2018 was a big year for security vulnerabilities, and 2019 is on track to be even bigger, according to Trend Micro's Zero Day Initiative. ZDI is in the business of acquiring vulnerabilities from security researchers and then responsibly reporting them to vendors. In 2018, ZDI published 1,444 security advisories, which was 42 percent more than it published in 2017. ZDI has a policy where it gives vendors 120 days to fix reported flaws, before it publicly discloses them. In 2018, ZDI reported that the vast majority of vendors responded and fixed issues inside of the disclosure window, with only 158, or 11 percent, of all vulnerabilities that ZDI reported in 2018 not meeting that threshold. "Overall, just the volume of bug reports was a surprise. We expected 2018 to be larger than 2017, but not 40 percent larger," Dustin Childs, director of communications for ZDI, told eWEEK. "Another surprise may be in what didn't happen. There weren’t as many new areas of research as we would have predicted."