According to the 2011 report of TippingPoint's Zero Day Initiative program, Hewlett-Packard, IBM and Microsoft are the leading companies that take the most time to correct 0-day vulnerabilities.
This assessment is only a partial overview, to the extent that it is based on the results of the Zero Day Initiative (ZDI) program. ZDI operates under the aegis of TippingPoint, which is particularly known for organizing the Pwn2Own hacking contest.
Via ZDI, TippingPoint pays researchers for discovering security vulnerabilities. For a period of 180 days, the findings are shared in confidence with the vendors of the software involved. TippingPoint takes the opportunity to develop protective measures in its own products.
After this deadline, details are publicly disclosed. This year, TippingPoint has released details of 29 0-day vulnerabilities, each involving one of these vendors: Cisco, HP, IBM and Microsoft.
Computerworld is more explicit, pointing to IBM, HP and Microsoft as the trio slowest to correct 0-day vulnerabilities. Of the 29 holes, ten affected IBM products, six affected HP products and five affected Microsoft products.
In Microsoft's case, the flaws were in Microsoft Office. For the Redmond company, public disclosure has apparently had its effect, since the five vulnerabilities disclosed in February were all corrected in April. No correction has occurred for IBM and HP. This may be the ultimate irony, since TippingPoint is a division of HP.
To put this in perspective, it should be added that in its latest security report, Microsoft said that less than 1% of attempted attacks exploit a 0-day vulnerability.