Former HP TippingPoint Researchers Start Vulnerability Buying Firm
Exodus Intelligence will buy the rights to zero-day flaws and use them to build a vulnerability intelligence service
Researchers previously employed by HP TippingPoint's Zero Day Initiative (ZDI) have formed a new company that will provide a vulnerability intelligence service, in part by buying the rights to zero-day software flaws.
According to its website, Exodus Intelligence's mission is to "aid our customers in departing from the broken paradigm of security, and enable them to focus on the relevant information of emerging security threats.
"We understand that most vulnerability bulletins misrepresent the actual risk introduced, by failing to convey the likelihood of an attacker successfully analyzing and exploiting the weakness," the site says. "By leveraging our expertise, we aim to provide an accurate assessment of the real threat posed to our customers, delivering signal, rather than noise, and expediting their security decision making process."
Exodus Intelligence is planning to launch the Exodus Intelligence Program (EIP), a vulnerability purchasing program that pays independent security researchers for their vulnerability discoveries. Once a flaw is validated, Exodus plans to report the flaws to the affected vendors and coordinate the disclosure process.
The company plans to combine its purchased vulnerability information with data generated through its own internal research to create a "vulnerability intelligence data feed," the website says.
"This data feed consists of detailed analysis of zero-day vulnerabilities, their relative risk, proprietary vulnerability research, and recommendations for mitigation," the company says.
The site contains no specific information on when the data feed will be available or how much Exodus Intelligence will charge.
Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:
2012About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024