TippingPoint ZDI defectors launch new vulnerability buying program

The new company, called Exodus Intelligence, was founded by Aaron Portnoy and a group of ex-ZDI researchers who suddenly left HP TippingPoint a few months ago around the time HP was preparing for a massive round of layoffs.

At the time, an HP spokesperson told me that Portnoy "decided to move on" and insisted the company's ZDI vulnerability purchasing program remained "strong."

Exodus Intelligence is planning to launch the Exodus Intelligence Program (EIP), a vulnerability purchasing program that compensates independent security researchers around the globe for their vulnerability discoveries.  Once a flaw is validated, Exodus plans to report the flaws to the affected vendors and coordinate the disclosure process.

According to its website, Exodus Intelligence will use the flaw buying program and information from internal research to create a "vulnerability intelligence data feed."

"This data feed consists of detailed analysis of zero-day vulnerabilities, their relative risk, proprietary vulnerability research, and recommendations for mitigation," the company said.

Not much is known about the new company's backers and it is not clear if Portnoy received any venture capital funding to finance the new program.  Zero-day vulnerability research data is a booming business, especially in the grey-market where prices for for software flaws can sometimes run between $100,000 and $250,000.