 |
Press Release |
|
|
VeriSign iDefense Vulnerability Submissions Increase 84 Percent in 2005
60 Day Average Advance Notice of Biggest Threats in Q4
MOUNTAIN VIEW, CA – February 21, 2006 — VeriSign
(Nasdaq: VRSN), the leading provider of intelligent infrastructure services
for the Internet and telecommunications networks, today announced that
the VeriSign iDefense Security Intelligence business unit added 99 new
contributors to its Vulnerability Contributor Programme (VCP) and processed
613 vulnerability submissions in 2005, representing an 84 percent increase
from the same time period in 2004. The programme successfully disclosed
180 confirmed vulnerabilities throughout 2005 with 35 occurring in the
fourth quarter. Over the past three years, the programme has consistently
identified many of the most severe flaws in broadly used applications
and critical business systems. VeriSign iDefense Security Intelligence
Services has developed extensive working relationships with top software
vendors to notify the public of potential security holes and develop
patches that mitigate the security risk.
"VeriSign iDefense Security Intelligence Services
discovered 11 Microsoft vulnerabilities, three of which were critical,
during 2005,”said Joe Payne, vice president, VeriSign iDefense Security
Intelligence Services. “This represents inclusion in 16 percent of all
Microsoft security bulletins, an incredible percent matched by nobody
else in the industry.”
The average advance notification for all vulnerabilities
in Q4 was 60 days, giving VeriSign iDefense customers two months of
additional protection before vendors distributed patches to the market
as a whole. There are currently 57 additional submitted vulnerabilities
being verified by the iDefense Labs Team.
VeriSign iDefense Security Intelligence Services has
led the industry’s commitment to compensating researchers for these
significant findings. Its approach of paying for responsible disclosure
of vulnerabilities empowers network managers to proactively make their
networks more secure.
“Many of our most valuable contributors consistently
identify significant vulnerabilities that may never make the front page,
but both avert major exploitation and secure considerable compensation
through our rewards programme,” said Michael Sutton, director of iDefense
Labs, which manages the worldwide programme.
Bonus System
This past quarter, $41,000 in quarterly performance bonuses was
awarded to the top researchers in the VCP programme in addition to the
normal payouts for each accepted vulnerability. Eight award types
range from $1,000 to $10,000, and contributors can win multiple awards.
Twin bonus programmes also recognise leaders in the past quarter, as
well as overall contributions in the past 12 months, with a top award
of $10,000.
For the first quarter
of 2006, iDefense has also announced a new quarterly challenge which
will reward contributors $10,000 for each accepted vulnerability that
Microsoft ends up classifying as critical. The first quarterly challenge
ends March 31, 2006. Further details can be found at http://labs.idefense.com.
About iDefense and VeriSign
iDefense, a VeriSign company, provides information security intelligence
to the U.S. government and Global 2000 companies, including leaders
in financial services, energy, transportation and telecommunications.
The company provides customised, actionable, timely and relevant intelligence
detailing potential threats, vulnerabilities and security issues directly
to C-level executives, general counsels, auditors, senior security managers
and staff, and system administrators. Further information is available
at www.idefense.com
or (703) 480-4602. VeriSign, Inc. (Nasdaq: VRSN), operates intelligent
infrastructure services that enable and protect billions of interactions
every day across the world’s voice and data networks. Additional news
and information about the company is available at www.verisign.com.
For More information contact:
VeriSign Media Relations: Brendan P. Lewis;brlewis@verisign.com; (650) 426-4470
Oona Rokyta;Hill & Knowlton (for iDefense);oona.rokyta@hillandknowlton.com(202)
944-1980
VeriSign Investor Releations : Tom McCallum; tmccallum@verisign.com;
650-426-3744
Information on VeriSign’s responsible vulnerability disclosure policy
can be found at: http://www.idefense.com/legal.php.
Statements
in this announcement other than historical data and information constitute
forward-looking statements within the meaning of Section 27A of the
Securities Act of 1933 and Section 21E of the Securities Exchange Act
of 1934. These statements involve risks and uncertainties that could
cause VeriSign's actual results to differ materially from those stated
or implied by such forward-looking statements. The potential risks and
uncertainties include, among others, the uncertainty of future revenue
and profitability and potential fluctuations in quarterly operating
results due to such factors as the inability of VeriSign to successfully
market its services, including VeriSign iDefense Research; customer
acceptance of the services as provided by VeriSign; the risk that expected
economies in servicing customers will not materialise; the incurrence
of unexpected costs integrating the assets; increased competition and
pricing pressures; and the inability of VeriSign to successfully develop
and market new products and services and customer acceptance of any
new products or services. More information about potential factors that
could affect the company's business and financial results is included
in VeriSign's filings with the Securities and Exchange Commission, including
in the company's Annual Report on Form 10-K for the year ended December
31, 2004 and quarterly reports on Form 10-Q. VeriSign undertakes no
obligation to update any of the forward-looking statement after the
date of this press release.
|
|
