Software developers and security researchers still don't see eye to eye on bug disclosures. There are times when the constant emphasis on the researcher's duty to make responsible disclosures appears to overshadow the vendor's duty to patch vulnerabilities in a timely manner. TippingPoint's Zero Day Initiative (ZDI), the world's leading bug bounty program, is trying to ensure that this fact is not lost on vendors.
ZDI has announced changes to its bug disclosure policy. Under the new policy, ZDI will go public with “limited details” of a bug if the flaw remains unfixed six months after the vendor was notified. It previously only detailed those bugs that had been patched by the vendor.
“As the 5th year anniversary of the TippingPoint ZDI program rolls around we have had a chance to reflect on the frequently changing vulnerability disclosure best practices utilized within our industry. From the days of no-disclosure, to full, to responsible, to coordinated, our policy has remained relatively the same,” Aaron Portnoy, manager of security research at HP TippingPoint, wrote in a blog post Wednesday.
“In an effort to coerce vendors to work with us on patching these issues more promptly, the ZDI is announcing a 6-month deadline going into effect on 08/04/10. This means that the first vulnerability report, if needed, will be disclosed on 02/04/11. At the end of the deadline if a vendor is not responsive or unable to provide a reasonable statement as to why the vulnerability is not fixed, the ZDI will publish a limited advisory including mitigations in an effort to enable the defensive community to protect the user.”
Acer is well on course to overtake Hewlett-Packard as the world's leading laptop vendor by the end of this year, according to Chairman J.T. Wang. He said that better-than-expected performance in some countries should see revenues jump 10-15 percent sequentially in the third quarter. He made the comments while addressing shareholders at a meeting.
However, Acer may have already pipped HP to the top spot in the netbook market. Gartner's research shows that the Taiwanese PC vendor finished the first quarter as the world's leading notebook seller ahead of HP, though the gap between the two was marginal – 9.49 million notebooks to HP's 9.47 million.
Wang said that the company has managed to grow even in the face of the ongoing debt crisis in Europe. More importantly, Acer hasn't resorted to price hikes to offset the recent wage increases in China. Moving forward, the world's number two PC vendor hopes to make a dent in the smartphone market aided by Google Android.
Michael Concannon, Qualcomm CDMA Technologies' senior vice president of connectivity and wireless modules, told Cnet that most of the leading PC makers have chosen its Gobi modem chipsets for their laptops, with around 100 laptop models currently on the market boasting Gobi 3G modems.
Acer certainly talks the talk, and the problem for its competitors is that, for the most part, the company also walks the walk. Take note HP, because Acer's gunning for your top spot in the global PC market, a place the company thinks it will reach by 2012.
Or so say Acer's outspoken Chairman Wang Jeng-tang and President Gianfranco Lanci. In fact, it seems like everyone over at Acer likes to beat their chest, as evidenced by the company's founder earlier this week saying that US-brand PCs will be extinct in 20 years, "just like what happened to US television brands."
HP is one of those US brands, and also happens to be the largest maker of PCs on the planet with a 19.3 percent share. Acer, which jumped ahead of Dell not that long ago for the No. 2 spot, holds 13 percent of the global PC market, and it's not unrealistic that Acer would become the top dog in two years.
This will especially be true if the notebook market continues to grow, which is a sector where Acer thrives. The company said it shipped about 33-34 million notebooks last year, and thinks it will ship 40 million in 2010.