Ivanti Commits to Enhanced Security Measures Following Disclosure of 4 New Vulnerabilities

Published:

Ivanti Announces Security Overhaul Amid Fresh Set of Bugs In Connect Secure and Policy Secure Products

Ivanti CEO Jeff Abbott has announced a complete overhaul of the company’s security practices in response to a series of bug disclosures in its Ivanti Connect Secure and Policy Secure remote access products. This comes after Ivanti disclosed four new bugs this week, including high-severity vulnerabilities that pose a risk to customers.

In an open letter to customers, Abbott outlined a series of changes that Ivanti will implement in the coming months to enhance its security operating model. This includes a revamp of engineering, security, and vulnerability management processes, as well as the implementation of a new secure-by-design initiative for product development.

These changes aim to embed security into every stage of the software development life cycle and enhance internal vulnerability discovery and management processes. Additionally, Ivanti plans to increase incentives for third-party bug hunters and provide more resources to customers for finding vulnerability information.

Despite these commitments, some customers remain skeptical due to Ivanti’s recent security track record, which includes a total of 11 vulnerabilities disclosed since January. Security researcher Jake Williams notes that many Fortune 500 clients view Ivanti’s response as “too little, too late,” raising concerns about the security of Ivanti’s products.

The steady stream of bug disclosures has led to questions about the risk posed to Ivanti’s 40,000 customers worldwide. Some customers have expressed frustration, while competitors like Cisco have seized the opportunity to offer incentives to lure Ivanti VPN customers to their platforms.

Analyst Eric Parizo attributes some of Ivanti’s challenges to its history of acquisitions, resulting in uneven software quality. However, he sees Ivanti’s commitment to improving security processes as a positive step and suggests that indemnifying customers for damages from vulnerabilities could help restore confidence in the company.

Related articles

Recent articles