Tag
#vendor-accountability
3 posts tagged #vendor-accountability.
-
Analysis · Jun 17, 2026 · Colten Anderson
Barracuda's ESG patch worked, and you still had to throw the box in the dumpster
The May 2023 patch fixed the bug and changed nothing for compromised customers. The right move was to physically replace the appliance, and that gap is the lesson.
-
Analysis · May 18, 2026 · Colten Anderson
A valid signature is not a vouch
For 27 days the official DAEMON Tools installer carried a clean Disc Soft signature and a backdoor. The signature did exactly what it was designed to do. That is the problem.
-
Analysis · May 10, 2026 · Colten Anderson
Array Networks patched in a week and forgot to build a security program
CVE-2023-28461 is a CVSS 9.8 auth bypass on an SSL VPN that Earth Kasha was already exploiting. The fix shipped fast. The disclosure infrastructure around it doesn't exist.