Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: Three known security issues in LEM 6.2.1


Nicole,

 

I have attended two of your live LEM events and met you in person at Thwack Camp 2015.  I was the lone non-SolarWinds employee in the room at Thwack Camp.  Now I know what the inside of a tornado feels like.

 

Below is what my security scanner is showing me.  As you see, the Java RMI on TCP port 10009 is the worst of the issues.  This is followed by the Apache Flex BlazeDS XXE Injection issue.  Last issue is Slowloris.  The only thing slower than Slowloris is the LEM's development team's ability to patch this seven-year-old issue.

 

Slowloris is so old.....How old is it?  Slowloris is so old, if it was a child it would be in second grade.  If they wait a few more years maybe Slowloris would be old enough to code a fix for itself.

 

Next Monday my team will be meeting with a Director of Software Development at SolarWinds to discuss our concerns.

 

For years I have said over and over.  "Design Secure, Build Secure and Maintain Secure."  Security is the first and last thought I have in every task I do at work.  Because of that, security has changed over the years from about 15% of my job to over 85% of my job.

 

For weeks I have been trying to see movement at SW to get these issues.  Over the past few days I think it is happening.

 

I get it, adding new enhancements and widgets is a lot more fun than fixing issues but sooner or later you have to clean things up.

 

Thanks for all you do,

 

Radioteacher

Capture.JPG

