Ivanti CEO promises product security overhaul, enhanced bug bounties after shocking analysis
CEO promises "rigorous threat modelling... embedding security into every stage of the software development lifecycle"
Ivanti CEO Jeff Abbott has promised a renewed focus at the company on product security, after multiple zero days in its SSL VPN appliances were exploited in the wild this year and thousands of customers were breached.
Subsequent analysis of the Ivanti Pulse Secure product showed that it was built with a sweeping array of unsupported and end-of-life software packages and shipped with a massive 973 known vulnerabilities.
This included an 11-year-old, unsupported base operating system.
Among the Ivanti zero days exploited this year were a brace that gave any unauthenticated remote attacker remote code execution and bypassed multi-factor authentication. Mass attacks started on January 11.