Former HP TippingPoint Researchers Start Vulnerability Buying Firm

Researchers previously employed by HP TippingPoint's Zero Day Initiative (ZDI) have formed a new company that will provide a vulnerability intelligence service, in part by buying the rights to zero-day software flaws.

According to its website, Exodus Intelligence's mission is to "aid our customers in departing from the broken paradigm of security, and enable them to focus on the relevant information of emerging security threats.

"We understand that most vulnerability bulletins misrepresent the actual risk introduced, by failing to convey the likelihood of an attacker successfully analyzing and exploiting the weakness," the site says. "By leveraging our expertise, we aim to provide an accurate assessment of the real threat posed to our customers, delivering signal, rather than noise, and expediting their security decision making process."

Exodus Intelligence is planning to launch the Exodus Intelligence Program (EIP), a vulnerability purchasing program that pays independent security researchers for their vulnerability discoveries. Once a flaw is validated, Exodus plans to report the flaws to the affected vendors and coordinate the disclosure process.

The company plans to combine its purchased vulnerability information with data generated through its own internal research to create a "vulnerability intelligence data feed," the website says.

"This data feed consists of detailed analysis of zero-day vulnerabilities, their relative risk, proprietary vulnerability research, and recommendations for mitigation," the company says.

The site contains no specific information on when the data feed will be available or how much Exodus Intelligence will charge.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.