Skip to content

Search the site

Ivanti CEO promises product security overhaul, enhanced bug bounties after shocking analysis

CEO promises "rigorous threat modelling... embedding security into every stage of the software development lifecycle"

Ivanti's CEO Jeff Abbott got out of bed to shoot a video promising renewed product security.

Ivanti CEO Jeff Abbott has promised a renewed focus at the company on product security, after multiple zero days in its SSL VPN appliances were exploited in the wild this year – thousands of customers were breached.

Subsequent product analysis of the Ivanti Pulse Secure product showed that it was built with a sweeping array of unsupported and end-of-life software packages and shipped with massive 973 known vulnerabilities.

This included an 11-year-old, unsupported base operating system.

Among the Ivanti zero days exploited this year were a brace that gave any unauthenticated remote attacker remote code execution and bypassed multi-factor authentication. Mass attacks started on January 11.

This post is for subscribers only


Already have an account? Sign In