HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Just another day at the office: A ZDI analyst’s perspective on ZDI-15-030

zdi-small.pngA vulnerability report received late last year by the Zero Day Initiative contained a particularly well-written and well-documented example of a Windows kernel issue. Let’s take a walk through ZDI-15-030.

HPSR, Microsoft, disclosure, and the $125,000 bug bounty

zdi-small.pngHP Security Research is pleased to announce that Zero Day Initiative (ZDI) team members Brian Gorenc, AbdulAziz Hariri, and Simon Zuckerbraun have won $125,000 from Microsoft’s mitigation-bypass bug bounty program. We discuss what they found and why they won’t keep the money.

Happy new year (and new guidelines) from the ZDI

As the Zero Day Initiative closes the books on the most successful year in its history, we thank our contributors – and lay plans to raise the bar on contributions in 2015.

Four years and counting: ZDI leads Frost & Sullivan disclosure field

HP Security Research has just learned that our Zero Day Initiative (ZDI) team has received the Global Frost & Sullivan Company of the Year Award for 2013 – the fourth year in a row we’ve been honored as the pre-eminent public vulnerability research program.  The award is an honor; reading Frost & Sullivan's report on the current state of vulnerability research is a treat.

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks.

Deep impact - the ZDI disclosure policy

The main objective of HP’s Zero Day Initiative is to reward security researchers for responsibly disclosing vulnerabilities.  Through this program, nearly 300 vulnerabilities have been discovered and patched between August 1, 2012 and August 31, 2013.


Keep reading to find out how responsible disclosure programs play a role in securing software – and what happened when we turned the focus on ourselves.


Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.