Boosted by jsonstein@masto.deoan.org ("Jeff Sonstein"):
GossiTheDog@cyberplace.social ("Kevin Beaumont") wrote:
MongoDB have a blog out about #MongoBleed
Notably:
- Internal find at MongoDB
- They notified customers of the issue and patch availability on December 23rd
- A security vendor published technical details on December 24th, Christmas Eve
- Somebody at Elastic, a direct competitor, published an exploit with a full secret extraction feature on December 25th, Christmas Day
That was an impossible situation for orgs - the security industry poured fire on them and set their own customers on fire.
