Security News > 2024 > April > Ivanti commits to secure-by-design overhaul after vulnerability nightmare
Ivanti has committed to adopting a secure-by-design approach to security as it gears up for an organizational overhaul in response to the multiple vulnerabilities in Connect Secure exploited earlier this year.
CEO Jeff Abbott penned an open letter to Ivanti's customers and partners this week, saying "Events in recent months have been humbling," before detailing the various changes Ivanti plans to make.
Among the many changes to come at Ivanti HQ, one that will immediately catch the eye of security pros is its commitment to security by design - an approach the industry has long called for to be the norm.
The intent to reduce time-to-patch will come as welcome news to Ivanti customers, as will the plans to alleviate them of some of the security burden.
On-prem customers should also expect Ivanti to contact them in the coming weeks to work on securing their deployments while balancing practical realities and constraints, which the vendor understands are part and parcel with real-world network administration.
Ivanti first disclosed the main vulnerabilities that led to widespread exploits of Connect Secure and Policy Secure on January 10, including at the US national cybersecurity agency, which eventually ordered all federal agencies to remove Ivanti kit from their networks.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/04/04/ivanti_secure_by_design/
Related news
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Week in review: Ivanti fixes RCE vulnerability, Nissan breach affects 100,000 individuals (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)