Security News > 2024 > March > JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

"We fully support the timely disclosure of vulnerability details when a fix is released," writes Daniel Gallo, TeamCity solutions engineer at JetBrains.

Following Rapid7's detailed disclosure, within hours on-premises TeamCity users were reporting being hit by ransomware attacks.

The policy reads: "Through transparent, open, and timely vulnerability disclosures, Rapid7 helps the entire internet protect and defend those assets and services critical to modern civilization."

Rapid7's disclosure timeline indicates that both it and JetBrains differed on their definition of what is meant by "Silent patching," and after seeing JetBrains' TeamCity patches go live, that's what triggered the researcher's full publication.

The to and fro should inform future discussions around public disclosures, and the ransomware attacks against TeamCity customers shouldn't be taken lightly.

Even if Rapid7 thought JetBrains was silently patching vulnerabilities, an assertion JetBrains denies, waiting a week before outing the developer may have helped customers apply patches to prevent these costly attacks.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/03/12/jetbrains_is_still_mad_at/