The whole purpose of vulnerability disclosure is to notify software developers about flaws in their code so they can create fixes, or patches, and improve the security of their products. ZDI, which has been owned by the security firm Trend Micro since 2015, is a program that buys vulnerability findings from researchers and handles disclosure to vendors. But ZDI says that from its bird’s-eye view, the quality of vendor patches overall has been slipping in recent years. “Over the last few years, we’ve really noticed that the quality of security patches has noticeably declined,” says ZDI member Dustin Childs. “The weaponization of failed patches in various vulnerabilities is absolutely being used in the wild right now,” ZDI’s Childs says.
Source: New York Times, August 11, 2022, 23:50 UTC