eEye opens doors on zero-day flaws

eEye has produced a new service that will specifically track "zero-day" security holes.


eEye has produced a new service that will specifically track "zero-day" security holes.

The security company said the service will include detailed information on mitigating unpatched bugs, as well as independent research that has, in the past, shown some threats to be more serious than originally thought. A new website for the service can be seen here.

eEye said the launch is a direct result of the increased threat of unpatched bugs that has developed over the past few months. "More zero-day security vulnerabilities and attacks are being discovered every day, and dealing with them can easily dominate an enterprise’s IT efforts," said eEye founder and CTO Marc Maiffret. "The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut."

Over the past year attackers have begun launching zero-day attacks shortly after Microsoft's monthly patch cycle, to allow the maximum amount of time before a patch is available. Microsoft Office and Internet Explorer have been targeted particularly frequently, with Word most recently targeted.

The company claims its research arm is responsible for discovering more critical security bugs than any other research group in the world. FrSIRT and Secunia both offer vulnerability-tracking services backed up by their own research teams, but don't have services devoted exclusively to zero-day bugs.

eEye noted that its tests had found that a recent bug in Adobe software, originally reported as a denial-of-service flaw, could in fact be used to execute malicious code.

The company claimed it will publish information not publicly disclosed on other vulnerability-tracking sites. All new zero-day bugs will be added to the list, and eEye will provide data on past bugs on request.

eEye also makes software designed to protect systems from zero-day attacks until patches are available.

"Recommended For You"

Windows zero-day flaw published 'in protest at Microsoft behaviour' Third Word exploit released