Exposing Security Flaws for the Greater Good (and the Money Isn't Bad, Either)

September 30, 2015 • Blog Post • By HPE Matter Staff Writer



  • The Zero Day Initiative (ZDI) is a bug bounty program, which means that it rewards security researchers for identifying and responsibly disclosing vulnerabilities
  • Once a bug is identified, organizations can address the issue before malicious hackers have the opportunity to exploit it

How the Zero Day Initiative is a Win-Win for Security Researchers and Enterprises

The Zero Day Initiative (ZDI) rewards security researchers for identifying and responsibly disclosing vulnerabilities - in other words, it's a bug bounty program. Benevolent researchers who are threat experts across a range of IT systems and devices discover and report bugs, and in return for their good work receive recognition and compensation.

While it may seem counterintuitive to pay people to seek out exploitable security vulnerabilities, bug bounty programs make good business sense for startups and large enterprises alike. Responsible disclosure systems like ZDI encourage researchers to proactively seek out and inform responsible parties of potential risks so organizations can address issues before malicious hackers exploit them for their own gain.

Now in its tenth year, ZDI has seen its researchers identify and share more than 2,000 Common Vulnerabilities and Exposures (CVEs). This equates to more than 2,000 vendor patches resolving security bugs.

For more information on the initiative, check out this article from HPE Business Insights featuring Brian Gorenc, manager and head of ZDI for HP Security Research, and this ZDI@10 fast facts report.