Vulnerability Management

Zero Day Initiative unveils shortened disclosure times for incomplete patches

Share

Reduced patch quality and the growing prevalence of vague patch communications have prompted Trend Micro's Zero Day Initiative to introduce shortened timelines for incomplete patches, according to ZDNet. Vendors will be given 30 days to address critical vulnerabilities with easily circumvented patches and expected exploitation, while 60 days will be given to remediate potentially exploitable critical and high severity flaws that have been issued with patches with some defense. Meanwhile, all other vulnerabilities with lower severity ratings will need to be addressed by vendors after 90 days. "Over the last few years, we've noticed a disturbing trend a decrease in patch quality and a reduction in communications surrounding the patch. This has resulted in enterprises losing their ability to accurately estimate the risk to their systems. It's also costing them money and resources as bad patches get re-released and thus re-applied," said ZDI Senior Director Brian Gorenc in a blog post.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.