Chuckles Today. SIEM provider Huntsman are still shipping software agents with the two-year-old log4j vulnerabilities, meaning that your overall inherent risk position is *worse* with their solution than not bothering at all. Huntsman’s response when you ask them why they are shipping critically vulnerable software is to say that it’s not exploitable. Oh, that’s okay then, as long as vendors make ‘not vulnerable’ claims, then the whole world is safe again. Customers should ask them if they will indemnify losses incurred if they do get exploited and then see how long it takes Huntsman to ship code without 2-year-old CRITICAL vulnerabilities 😉
Rule #1: Huntsman Defence Grade Security Information and Event Management: Not defence grade, not secure, doesn’t raise events about its own issues, doesn’t provide information about its own issues. Not much left in that product name after fixing the violations: “Huntsman mm m mm m m mm m”.