vSphere Security Concerns (source code leak)
Recently many new channels has articles on the code leak and you can see the official announcement here. VMware has also release ahead of patch cycle as well documented here.
Many users asked about the concerns they have. First and foremost, won't open source be also a concern if we were to use it as well?
Every organization would have in place certain regulation and policy in their infrastructure be it hardening, patches to be up to date and firewalls, etc. If these are been follow up and maintain compliance, is there much of a concern really?
One article from Michael White, a VCDX makes really good sense and encourage you to have a read.
This single file from ESX code dating to 2004 was leaked and I wonder who much vulnerabilities that wasn't discovered from VMware regular patches till now 8 years later. If any of the environment are still vulnerable due to this leak this will be disastrous and it can only see how back dated the servers are not keep up to date.
Keep security best practices in place, have patch applied whenever possible relating to security vulnerability. You will be pretty much safer than anyone who didn't have such practice in place.
Many users asked about the concerns they have. First and foremost, won't open source be also a concern if we were to use it as well?
Every organization would have in place certain regulation and policy in their infrastructure be it hardening, patches to be up to date and firewalls, etc. If these are been follow up and maintain compliance, is there much of a concern really?
One article from Michael White, a VCDX makes really good sense and encourage you to have a read.
This single file from ESX code dating to 2004 was leaked and I wonder who much vulnerabilities that wasn't discovered from VMware regular patches till now 8 years later. If any of the environment are still vulnerable due to this leak this will be disastrous and it can only see how back dated the servers are not keep up to date.
Keep security best practices in place, have patch applied whenever possible relating to security vulnerability. You will be pretty much safer than anyone who didn't have such practice in place.
Comments