Kevin Beaumont
@GossiTheDog@cyberplace.social  ·  activity timestamp 3 weeks ago

MongoDB have a blog out about #MongoBleed

Notably:

- Internal find at MongoDB

- they notified customers of the issue and patch availability on December 23rd

- A security vendor published technical details on December 24th, Christmas Eve

- Somebody at Elastic, a direct competitor, published an exploit with full secret extraction feature on December 25th, Christmas Day

That was an impossible situation for orgs - the security industry poured fire on them and set their own customers on fire.

Joel Michael
@jpm@aus.social replied  ·  activity timestamp 3 weeks ago

@GossiTheDog and this right here is why I left IT security - security vendors dropping trou and taking a massive steaming shit on their competitors' products while screaming LOOK AT ME IM DOING A SECURITY!!!
