mmsc | 20 days ago

Every single Ivanti product (including their SSL-VPN) should be considered a critical threat. The fact that this company is allowed to continue to sell their malware dressed-up as "security solutions" is a disaster. How they haven't been sued into bankruptcy is something I'll never understand.

Nextgrid | 20 days ago

The purpose of cybersecurity products and companies is not to sell security. It's to sell the illusion of security to (often incompetent) execs - which is perfectly fine because the market doesn't actually punish security breaches so an illusion is all that's needed. It is an insanely lucrative industry selling luxury-grade snake oil.

Actual cybersecurity isn't something you can just buy off-the-shelf and requires skill and making every single person in the org to give a shit about it, which is already hard to achieve, and even more so when you've tried for years to pay them as little as you can get away with.

bootsmann | 20 days ago

Actually there is a significant push to more effective products coming from the reinsurance companies that underwrite cyber risks. Most of them come with a checklist of things you need to have before they sign you at any reasonable price. The more we get government regulation for fines in cases of breaches etc. the more this trend will accelerate.

awesome_dude | 20 days ago

I think, to add to the comment, the whole raison d'être of zero days is that an (exploitable) bug has been found that the producer of the software is not aware of/has not produced a patch for.

It's fine to say "Look this is bad, don't do" and "A patch was issued for this, you are responsible" but when some set of circumstances arises that has not been thought about before that cause a problem, then there's nothing that could have been done to stop it.

Note that the entire QA industry is explicitly geared to try and look at software being produced in a way that nobody else has thought to, in order to find if that software still behaves "correctly", and <some colour of hat> hackers are an extension of that - people looking at software in a way that developers and QA did not think of, etc.

cortesoft | 20 days ago

It's also selling box checks for various certifications.

chha | 20 days ago

So true. Can't wait for NIS2 to be implemented in my location (EU); the new directive allows authorities to hold board members and CEOs personally responsible for cybersec fails (although only as a last resort, after trying other means).

yoyohello13 | 20 days ago

If CrowdStrike is any indicator, expect Ivanti stock to go up now. Seems to be the MO for security companies. Fuck up, get paid.

Ekaros | 20 days ago

There is no bad publicity? I take it few had heard of them before, so this is free marketing putting the name in public. Or then there is some broken LLM-based sentiment analysis bot that automatically buys companies in the news...

waihtis | 20 days ago

Well, next week there will be a similar vulnerability in Fortinet and everyone will momentarily forget about Ivanti again :-)

mmsc | 20 days ago

Yes. These companies should be shut down in the name of national security, seriously.

Nextgrid | 20 days ago

> How they haven't been sued into bankruptcy is something I'll never understand.

Isn't most off-the-shelf software effectively always supplied without any kind of warranty? What grounds would the lawsuit have?

mmsc | 20 days ago

Suing for negligence and friends is what happens to car companies -- when it is found out they've built something highly unsafe/dangerously broken. I don't see the difference.

pseudohadamard | 20 days ago

That sounds scarily like you're describing FaultyGate. Is there any company in this space that doesn't sell crap products?