Trend Micro’s ZDI Extends Leadership in Public Vulnerability Disclosures

Zero Day Initiative increases vulnerability market coverage for fifteenth year in a row


BENGALURU – Trend Micro Incorporated today celebrated the success of its Zero Day Initiative (ZDI), which was responsible for nearly 64% of all vulnerabilities disclosed in 2021, according to Omdia.

Sharda Tickoo, Technical Director for Trend Micro, India and SAARC: “Having led the charge since the very first market analysis in 2007, the ZDI has expanded its volume of vulnerability disclosures for the fifteenth successive year. Our vulnerability research is second to none globally, both pre- and post-disclosure. In the ongoing race against malicious actors, we are proud to lead the industry in helping make the digital world a safer place.”

Omdia provided an independent comparative analysis of 11 global organizations that publicly research and disclose vulnerabilities, analyzing a total of 1,543 vulnerabilities disclosed and assigned a CVE in 2021.

Of the 984 submitted by Trend Micro’s ZDI, 36% were critical, 70% were classified as high severity, and 45% were medium severity.

The results show the ZDI disclosed and managed over three times more vulnerabilities than its nearest rival and remains the world’s largest vendor-agnostic bug bounty program for the 14th consecutive year.

There was also positive news for the wider industry. Every vulnerability discovered and responsibly disclosed reduces the opportunity for malicious actors to craft surprise zero-day attacks. So the year-on-year increase in the total number of vulnerabilities disclosed by all 11 vendors is to be welcomed. This figure climbed 12% from 1,378 in 2020.

Tanner Johnson, principal analyst for Omdia: “This year’s data also revealed that monitoring software was responsible for the largest number of vulnerabilities submitted. This is another positive sign, as more organizations utilize this software to identify threats faster.”

The average impact score of vulnerabilities has also increased year-on-year over the past three years, which means that the vulnerabilities disclosed could have a bigger impact if exploited. CVEs added to the US National Vulnerability Database (NVD) hit a record high for the fifth successive year in 2021.

To read a full copy of the report, Quantifying the Public Vulnerability Market: 2022 Edition, please visit: