Post AtPRB0IUQvUtKSgP3o by bert_hubert@fosstodon.org
 (DIR) More posts by bert_hubert@fosstodon.org
 (DIR) Post #AtPRB0IUQvUtKSgP3o by bert_hubert@fosstodon.org
       2025-04-24T07:40:15Z
       
       1 likes, 1 repeats
       
       "Three of the four most exploited vulns were zero days, all were in cybersecurity products (Palo-Alto, Ivanti Connect Secure, Ivanti Policy Secure and Fortinet)." https://cyberplace.social/@GossiTheDog/114391474274944937
       
 (DIR) Post #AtPRO4cLgKfcUcChTE by bortzmeyer@mastodon.gougere.fr
       2025-04-24T07:42:56Z
       
       1 likes, 0 repeats
       
       @bert_hubert Indeed, most of these "security" products are crap. But it is not a problem, you don't buy them for security, you buy them to tick a box in the auditor spreadsheet.
       
 (DIR) Post #AtPUgykQ1tcVeVgWo4 by gmassen@mastodon.opencloud.lu
       2025-04-24T08:19:55Z
       
       0 likes, 0 repeats
       
       @bortzmeyer @bert_hubert I agree more than I'd want to. Direct consequance of buying shiny things, instead of understanding your infrastructure.Hoewever, I'd argue that all the box-ticking products provide one security service: preventing denial of service from auditors / compliance people.