• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Network   »   After Pwn2Own 2016: Focused Customer Protection

After Pwn2Own 2016: Focused Customer Protection

  • Posted on:March 22, 2016
  • Posted in:Network, Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

Last week at the CanSecWest security conference in Vancouver, British Columbia, Trend Micro and Hewlett-Packard Enterprise sponsored Trend Micro’s Zero Day Initiative’s (ZDI) annual Pwn2Own contest for 2016.

As mentioned in our earlier post it was an exciting event. Tencent Security Team Sniper (KeenLab and PC Manager) pulled out a win in the very last attempt. You can’t make a security research competition more exciting than that.

As fun and exciting as the event was, ultimately that’s only a byproduct. In the end, Pwn2Own is a serious business. Our ZDI didn’t hand out US$460,000 just because they’re nice people (though they really are).

Pwn2Own serves a very serious purpose of helping improve the security of our Trend Micro TippingPoint customers, as well as everyone on the Internet.

Unlike other competitions, we’re not just giving away prizes for what the competitors have achieved. Our ZDI is also paying the researchers for their time and effort in finding these vulnerabilities. Most importantly, we’re purchasing the intellectual property rights to their research; information about the vulnerabilities and the means to exploit them that the researchers have found.

Our ZDI team then takes that information and sends it on to the appropriate vendors so they can build patches to protect all their customers. This is subject to our usual Coordinated Vulnerability Disclosure policy with a 120 day window.

What’s less well-known is that our DVLabs team is also at every Pwn2Own. They’re in the disclosure room with the researchers, the vendors and the ZDI team. As Steve Povolny with DVLabs notes, their focus is getting information. Specifically, getting the information DVLabs needs to build filters that protect TippingPoint customers against attempts to attack the vulnerabilities those researchers used at Pwn2Own.

This year’s Pwn2Own saw 21 new vulnerabilities disclosed. With today’s TippingPoint Digital Vaccine filter release our customers are as well protected as possible until Adobe, Apple, Google and Microsoft release updates to address these vulnerabilities.

image 3

That is ultimately why we do Pwn2Own; to make TippingPoint customers safe through the protections our filters provide, and everyone safe by getting security vulnerabilities patched in a coordinated way.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.

Related posts:

  1. ZDI Update: Microsoft and Adobe Patch Tuesday for May 2016 and Microsoft Closes Pwn2Own 2016 Vulnerabilities
  2. Pwn2Own 2016 – Trend Micro TippingPoint DVLabs Exclusive Zero Day Coverage!
  3. April 2016 Microsoft and Adobe Security Patches: Badlock Not So Bad and Adobe Fully Closes Pwn2Own 2016 Vulnerabilities
  4. Pwn2Own 2016 Has Begun

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.