Computerworld – Citing the need to prod software vendors to patch vulnerabilities even faster, Hewlett-Packard’s bug bounty program said it was shortening its patch-or-go-public policy to 120 days.
The Zero Day Initiative (ZDI), a researcher reward program run by HP’s TippingPoint division, a maker of corporate intrusion prevention system (IPS) and firewall appliances, announced the new deadline at the RSA Conference, a massive security trade show and conference that wraps up today in San Francisco.
