New eEye Zero-Day Tracker Site is Up!

Marc Maiffret, September 22nd, 2010

We are excited to announce the re-launch of our Zero-Day Tracker service. The Zero-Day Tracker, or ZDT, is your one-stop resource for an at-a-glance view of existing Zero-Day vulnerabilities. This includes descriptions of the extent and impact of the vulnerability and any potential mitigation that your IT team could take against a given Zero-Day vulnerability.

The ZDT is also an important tool to hold technology companies accountable. eEye has long believed that we are not only striving to provide IT folks the best Vulnerability Management solutions to combat vulnerabilities within their own organizations, but also that we must all work as a community to hold technology companies accountable for the timely and responsible fixing of security vulnerabilities.

As you’ll see on the eEye ZDT website, the number of Zero-Day vulnerabilities is certainly not slowing down. Maybe even more disconcerting is the fact that some vulnerabilities in the list have been known for months – a stark reminder that some technology companies will simply leave Zero-Day vulnerabilities unpatched for a period of time.

In addition to the dramatic increase in Zero-Day vulnerabilities, we’re also seeing an increase in the usage of Zero-Day vulnerabilities within common widespread cybercrime attacks rather than the norm of silent targeted attacks. These trends should serve as a reminder that in order to effectively secure your organization in today’s threat landscape, you must operate under the assumption that there are unpatched vulnerabilities that can affect your organization. It’s critical to ask yourself honestly if you’ve implemented technologies, configurations, and processes that go above and beyond the reactive security of traditional anti-virus, firewall, and intrusion detection technologies.

I personally invite you to take advantage of this newly launched service from the eEye Research Team. Please use it not only as a resource for yourself, but also as a shared tool to collectively hold technology companies accountable. At eEye, we’ve seen firsthand the power of the IT Security community to change the culture of security even at a company as large as Microsoft. So, in an effort to work together, please send us an email at, if you know of a current or previously patched Zero-Day that’s not listed on our ZDT website. We will be sure to add it.

Look for more resources and tools from us over the coming months, as we continue to push for accountability across all technology companies. Let’s work to establish a new standard where they put security first and features second.