VIDEO: The leader of HP’s vulnerability buying service talks about the business of security exploits, and the future of the Pwn2Own hacking competition.
The HP TippingPoint Zero Day Initiative (ZDI) sits at a very opportune place in the modern IT security threat ecosystem. Instead of just waiting to discover threats, ZDI buys security vulnerabilities from researchers in an effort to help secure both HP customers and the broader industry.
Sitting at the top of ZDI for the last year is Brian Gorenc, who manages ZDI’s efforts. In an interview with eWEEK, Gorenc details what his group does and how it is able to acquire so many vulnerabilities in any given year.
Gorenc stresses that his organization is focused on critical vulnerabilities, including those that affect Microsoft’s Internet Explorer, Oracle’s Java and Apple’s QuickTime.
“We’re focused on helping the researcher community connect with the vendor community,” Gorenc said. “And also we compensate those researchers with cash, by purchasing the vulnerability information.”
Watch the full video below:
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.