topic Insecure Business Machines at it again! in Industry News https://community.isc2.org/t5/Industry-News/Insecure-Business-Machines-at-it-again/m-p/35418#M4421 <P>Hot on the heels of IBM ignoring a vulnerability disclosure from a security researcher, that could result in unauthenticated remote code execution as root, because he wasn't a paying customer...</P><P>&nbsp;</P><P>(Yes, they later said there had been a process error in acknowledging the disclosure, but only after they were ripped to shreds in the security press: <A href="https://www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/" target="_blank">https://www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/</A>)</P><P>&nbsp;</P><P>...they're now issuing take down requests for vulnerabilities in their software listed in exploit-db: <A href="https://twitter.com/offsectraining/status/1258155194535292928" target="_blank">https://twitter.com/offsectraining/status/1258155194535292928</A></P><P>&nbsp;</P><P>I won't give my opinions about IBM's security practices or capabilities on here as I was always told if you don't have anything nice to say don't say anything at all!&nbsp;<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://community.isc2.org/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" /></P><P>&nbsp;</P> Thu, 07 May 2020 10:21:36 GMT AlecTrevelyan 2020-05-07T10:21:36Z Insecure Business Machines at it again! https://community.isc2.org/t5/Industry-News/Insecure-Business-Machines-at-it-again/m-p/35418#M4421 <P>Hot on the heels of IBM ignoring a vulnerability disclosure from a security researcher, that could result in unauthenticated remote code execution as root, because he wasn't a paying customer...</P><P>&nbsp;</P><P>(Yes, they later said there had been a process error in acknowledging the disclosure, but only after they were ripped to shreds in the security press: <A href="https://www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/" target="_blank">https://www.theregister.co.uk/2020/04/21/ibm_security_vulnerabilities/</A>)</P><P>&nbsp;</P><P>...they're now issuing take down requests for vulnerabilities in their software listed in exploit-db: <A href="https://twitter.com/offsectraining/status/1258155194535292928" target="_blank">https://twitter.com/offsectraining/status/1258155194535292928</A></P><P>&nbsp;</P><P>I won't give my opinions about IBM's security practices or capabilities on here as I was always told if you don't have anything nice to say don't say anything at all!&nbsp;<img id="smileytongue" class="emoticon emoticon-smileytongue" src="https://community.isc2.org/i/smilies/16x16_smiley-tongue.png" alt="Smiley Tongue" title="Smiley Tongue" /></P><P>&nbsp;</P> Thu, 07 May 2020 10:21:36 GMT https://community.isc2.org/t5/Industry-News/Insecure-Business-Machines-at-it-again/m-p/35418#M4421 AlecTrevelyan 2020-05-07T10:21:36Z