IBM, Microsoft, HP Slow to Fix Software Bugs

IBM, Microsoft and Hewlett Packard have been named as the slowest companies to patch bugs in their software.

According to a new report released by HP TippingPoint's Zero Day Initiative (ZDI), each company failed to patch bugs in its software even after being given a six-month time frame to do so.

TippingPoint purchased security vulnerabilities from independent researchers and reported these vulnerabilities to a variety of companies. TippingPoint also used these vulnerabilities to strengthen its own security software offerings.

HP's TippingPoint security division, which runs the world's largest bug bounty hunter program, said that it had reported 29 zero-day advisories during 2011, covering vulnerabilities that had been reported to the companies more than six months earlier.

The security group said that 10 of the 29 vulnerabilities were reported in IBM's software, 6 were reported in HP software and 5 were reported in Microsoft software. Other companies that made it to the list of late bug patchers include EMC, Cisco and CA.

"If vendors don't show due diligence, and after working with them it doesn't look like they're making a strong commitment to patching, we release the information as a zero-day advisory," said Derek Brown, a ZDI researcher, as reported by Computer World.