back
60 Day Average Advance Notice of Biggest Threats in Q4
MOUNTAIN VIEW, CA – February 21, 2006 — VeriSign (Nasdaq: VRSN), the leading provider of intelligent infrastructure services for the Internet and telecommunications networks, today announced that the VeriSign iDefense Security Intelligence business unit added 99 new contributors to its Vulnerability Contributor Program (VCP) and processed 613 vulnerability submissions in 2005, representing an 84 percent increase from the same time period in 2004. The program successfully disclosed 180 confirmed vulnerabilities throughout 2005 with 35 occurring in the fourth quarter. Over the past three years, the program has consistently identified many of the most severe flaws in broadly used applications and critical business systems. VeriSign iDefense Security Intelligence Services has developed extensive working relationships with top software vendors to notify the public of potential security holes and develop patches that mitigate the security risk.
"VeriSign iDefense Security Intelligence Services discovered 11 Microsoft vulnerabilities, three of which were critical, during 2005,”said Joe Payne, vice president, VeriSign iDefense Security Intelligence Services. “This represents inclusion in 16 percent of all Microsoft security bulletins, an incredible percent matched by nobody else in the industry.”
The average advance notification for all vulnerabilities in Q4 was 60 days, giving VeriSign iDefense customers two months of additional protection before vendors distributed patches to the market as a whole. There are currently 57 additional submitted vulnerabilities being verified by the iDefense Labs Team.
VeriSign iDefense Security Intelligence Services has led the industry’s commitment to compensating researchers for these significant findings. Its approach of paying for responsible disclosure of vulnerabilities empowers network managers to proactively make their networks more secure.
“Many of our most valuable contributors consistently identify significant vulnerabilities that may never make the front page, but both avert major exploitation and secure considerable compensation through our rewards program,” said Michael Sutton, director of iDefense Labs, which manages the worldwide program.
Bonus System
This past quarter, $41,000 in quarterly performance bonuses was awarded
to the top researchers in the VCP program in addition to the normal
payouts for each accepted vulnerability. Eight award types range
from $1,000 to $10,000, and contributors can win multiple awards.
Twin bonus programs also recognize leaders in the past quarter, as well
as overall contributions in the past 12 months, with a top award of
$10,000.
For the first quarter of 2006, iDefense has also announced a new quarterly challenge which will reward contributors $10,000 for each accepted vulnerability that Microsoft ends up classifying as critical. The first quarterly challenge ends March 31, 2006. Further details can be found at http://labs.idefense.com.
About iDefense and VeriSign
iDefense, a VeriSign company, provides information security intelligence
to the U.S. government and Global 2000 companies, including leaders
in financial services, energy, transportation and telecommunications.
The company provides customized, actionable, timely and relevant intelligence
detailing potential threats, vulnerabilities and security issues directly
to C-level executives, general counsels, auditors, senior security managers
and staff, and system administrators. Further information is available
at www.idefense.com
or (703) 480-4602. VeriSign, Inc. (Nasdaq: VRSN), operates intelligent
infrastructure services that enable and protect billions of interactions
every day across the world’s voice and data networks. Additional news
and information about the company is available at www.verisign.com.
Information on VeriSign’s responsible vulnerability disclosure policy can be found at: http://www.idefense.com/legal.php.
Media Contacts:
Brendan P. Lewis
VeriSign
brlewis@verisign.com
(650) 426-4470
Oona Rokyta
Hill & Knowlton (for iDefense)
oona.rokyta@hillandknowlton.com
(202) 944-1980
Investors Contact:
Tom McCallum
VeriSign
650-426-3744
tmccallum@verisign.com
Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, the uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results due to such factors as the inability of VeriSign to successfully market its services, including VeriSign iDefense Research; customer acceptance of the services as provided by VeriSign; the risk that expected economies in servicing customers will not materialize; the incurrence of unexpected costs integrating the assets; increased competition and pricing pressures; and the inability of VeriSign to successfully develop and market new products and services and customer acceptance of any new products or services. More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, including in the company's Annual Report on Form 10-K for the year ended December 31, 2004 and quarterly reports on Form 10-Q. VeriSign undertakes no obligation to update any of the forward-looking statement after the date of this press release.
###