Trend Micro Incorporated confirms its leadership in the detection and publication of vulnerabilities. This is illustrated by the Omdia report entitled ‘Quantifying the Public Vulnerability Market: 2022 Edition’.
The report shows that, of the 984 vulnerabilities submitted by the Zero Day Initiative (ZDI) program, the vast majority were proven: 723 represented a high level of risk, 129 a medium level and 48 a critical level.
Omdia conducted an independent benchmarking analysis of 11 security vendors around the world that find and publish vulnerabilities. The research firm analyzed a total of 1,543 vulnerabilities that were disclosed and assigned a CVE in 2021 in order to rank the organizations that contributed the most to these discoveries.
The results show that the ZDI program disclosed and managed more than three times as many vulnerabilities as its closest competitor. It therefore remains, for the 14th consecutive year, the largest independent vendor bug bounty program in the world.
“Having conducted investigations since the very first market analysis in 2007, the ZDI initiative has steadily increased its volume of vulnerability disclosures over fifteen years. Global vulnerability research is unparalleled, both pre-disclosure and post-disclosure. In the ongoing race against malicious actors, we’re proud to lead the market and help make the digital world a safer place,” said Brian Gorenc, senior director of vulnerability research – Trend Micro.
The results of the Omdia study are encouraging for the market as a whole. Each responsibly discovered and disclosed vulnerability reduces the ability of malicious actors to engineer zero-day attacks. The year-on-year increase in the total number of vulnerabilities disclosed by security vendors is good news: up 12% from the 1,378 disclosures in 2020. This momentum reflects the effectiveness of the research these vendors carry out worldwide.
“This year’s data also revealed that monitoring software was responsible for the highest number of vulnerabilities referenced and submitted. This is another positive indicator, as these types of tools are increasingly used by organizations to identify threats more quickly,” said Tanner Johnson, Principal Analyst – Omdia.
The average vulnerability impact score has also increased annually over the past three years. In concrete terms, the disclosed vulnerabilities are those that could have the most significant impact if exploited. Meanwhile, the number of CVEs added to the US National Vulnerability Database hit an all-time high in 2021, for the fifth consecutive year.