"The new team at Exodus includes Aaron Portnoy, the former head of the ZDI vulnerability program, and Brandon Edwards, another veteran of the ZDI team," writes Threatpost's Dennis Fisher. "The exact nature of the company's new bug-buying program is still under wraps, but the Exodus site says that they also will have a security intelligence service that will provide customers with customized information on new vulnerabilities and threats."
As the new firm's Web site puts it, "Exodus Intelligence provides actionable security information through a vulnerability intelligence data feed. This data feed consists of detailed analysis of zero-day vulnerabilities, their relative risk, proprietary vulnerability research, and recommendations for mitigation."
"Judging by their mission statement, they claim that many vulnerability bulletins misrepresent the actual risks posed by a security hole," writes Softpedia's Eduard Kovacs. "They want to change that by providing a more accurate assessment that would help the affected organization speed up the process of securing its infrastructures and assets."
"Not much is known about the new company’s backers and it is not clear if Portnoy received any venture capital funding to finance the new program," writes ZDNet's Ryan Naraine. "Zero-day vulnerability research data is a booming business, especially in the grey-market where prices for software flaws can sometimes run between $100,000 and $250,000."