Trend Micro’s Zero Day Initiative (ZDI) published 674 advisories last year and paid out nearly $2 million to researchers who submitted vulnerabilities, the company said in its “2016 Retrospective” report.
ZDI encourages responsible disclosure through financial rewards, but the company does not resell or redistribute the vulnerabilities it acquires, and instead uses the information to protect TippingPoint customers against potential attacks even before a patch is made available.
Of the total number of advisories, 54 described vulnerabilities that had not been patched at the time of disclosure, while the rest were successfully coordinated with the affected vendor. Researchers reported many flaws last year, but almost 43 percent of them were rejected by ZDI.
The most interesting vulnerabilities reported through ZDI in 2016 affected Internet Explorer (CVE-2016-3382), Edge (CVE-2016-0158), Windows (CVE-2016-7272), OS X (CVE-2016-1806), Flash Player (CVE-2016-7857) and Chrome...(continued)