WatchGuard – a market leader in security devices – appears to have kept a significant vulnerability secret, although it did patch the issue.
WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica
If they patched the issue, then surely everything is fine. Well, no. Keeping these issues secret only helps the hackers. When people know there is a problem before the patch is issued, they can take other steps to protect their systems – relying on their defence in depth. Then, when the patch is released, they can promptly apply it – and keep the hackers out.
This is cyber security 101 – and the people in charge at WatchGuard know this process. For their own reasons they chose to put their users at risk!
Clive Catton MSc (Cyber Security)