An open-source IT monitoring software firm has clashed with a security consultancy over the seriousness of a security bug in its technology. GroundWork's technology provides a platform for IT operations management (network, system, application, and cloud monitoring) that is used by customers including Hitachi Data Systems, the …
Head in the Sand
When I'm looking to purchase new resources, one of the first things on my mind is availability. Second in line is usually security. If a product that has unfettered access to production environments is not secure, or is not able to show how secure it is, then it just is not on the table as a viable option.
This not only includes the usual coding to secure standards but also support and the vendor's incident response capabilities.
Seems to me that these guys fail pretty much on all fronts.
Easy solution? Give your techies the time and ability to thoroughly rip it to shreds and put it together again. Research the company and reference sites as well as customers and see if they've had issues.
Cowboys in IT...do no one any favours.
You get what you get
The slow response and insufficient measures by GroundWork are not a responsible way to react for a vendor who supplies software for government agencies and large data centers.
No, but they are an excellent way not to do business with the government.