Aaron Portnoy, a well-known and respected figure who until recently was the manager of the Security Research Team at HP TippingPoint and the Zero Day Initiative (ZDI), is a case in point: Portnoy is now a co-founder and VP of Research at a new security startup called Exodus Intelligence. In a conversation with eSecurity Planet, Portnoy explained how his new startup will be different from the work he did at HP.
“At Exodus we are able to focus on the vulnerabilities, the threats they pose, how to mitigate them, and subsequently analyze the trends that emerge,” Portnoy said. “As we aren’t supporting any products directly, we aren’t distracted with development efforts — especially for implementation-specific solutions.”
Exodus Intelligence provides customers with a vulnerability intelligence data feed that contains a detailed analysis of zero-day vulnerabilities, their relative risk, proprietary vulnerability research, and recommendations for mitigation. One of the ways Exodus aims to set itself apart is by focusing on vulnerabilities that the company believes are likely to be exploited in the wild (as opposed to being simply theoretically exploitable). To that end, the company recently launched the Exodus Intelligence Program, which reviews and pays for new vulnerabilities submitted by security researchers. Because Exodus has no products of its own to support, the company is able to consider a wider range of vulnerabilities than some of its competitors.
“At Exodus our expertise is applied directly to helping our customers understand and apply the information we provide through our intelligence feed and not hindered by other business requirements,” Portnoy said.
Scott Lambert, Director, HP DVLabs, has replaced Portnoy at DVLabs and currently leads the Zero Day Initiative. Scott has a strong team in place, including a network of nearly 2,000 independent researchers from all over the world actively submitting vulnerability disclosures.
“HP DVLabs is committed to security research and will continue the Zero Day Initiative program that has proved to be a success with both customers and the industry,” Lambert told InternetNews. “We’re continuing to make offers, investigate cases and release disclosures.”
Lambert added that HP welcomes Exodus Intelligence to the research community.
“The founding of the program underscores the importance of security intelligence as a means to produce more secure software,” Lambert said. “Bounty programs are not exclusive for the participation of independent researchers; however, rewards for submittals do vary from program to program.”