Yeah, I was trying to make sense of what was described here.
Is it that (through some mechanism) an actor gained access to F5's systems, and literally found undisclosed vulnerabilities documented within F5's source control / documentation that affects F5's products?
A simple search across a codebase for "TODO" will find all sorts of things left undone, but having access to source control and commit messages, who knows what you might find.
"Here be dragons" is also a good search if you're responsible for security hardening legacy code.
Yeah that’s what I’m understanding is the case. That’s why they’re harping on no known (unreleased) vulns. But it’s kinda funny, a lot of times bugs that fall under this category are constantly shuffled around/not fixed because there is no public pressure to address them.
bangaladore|4 months ago
Is it that (through some mechanism) an actor gained access to F5's systems, and literally found undisclosed vulnerabilities documented within F5's source control / documentation that affects F5's products?
If so, lol.
dwd|4 months ago
"Here be dragons" is also a good search if you're responsible for security hardening legacy code.
tru3_power|4 months ago