As my friend Ryan Naraine, soon to be security evangelist for anti-malware company Kaspersky Labs, recently observed, “This list of 0days is always a source of content for me.” The list in question is the Zero Day Initiative’s list of vulnerabilities.
This list is perfect for any cyber cynic. It shows for the whole world to see who’s been good and who’s been naughty about working on zero-day vulnerabilities. These aren’t, we hope, publicly known security holes. They’re the ones that have been discovered by researchers, who then turned over their results to Tipping Point. No one, we hope, know about them except their discoverers, Tipping Point’s engineers and the vulnerable software’s programmers.
The list serves two purposes. One is, of course, to get you to buy Tipping Point’s IPS (Intrusion Prevention System) device. The other, and the one I also rather enjoy, is that it’s an attempt to shame the big software vendors into cleaning up their programs, if not their acts.