It all started on a Slack channel.
Tom Pohl, the Head of Businessolver’s Software Architecture and resident white hat hacker teamed up with a friend and threat researcher at Aruba Networks, Nicolas Starke, to expose vulnerabilities lurking in Netgear firmware. Without getting into the technical weeds, they exposed a major vulnerability that put many home networks and computers at risk to be accessed by bad guys.
To put everyone at ease, let me first state that we don’t use Netgear products. So, why is this important to call out? I sat down with Tom to get his thoughts on why this discovery matters to our business. Here’s what he had to say.
What does this discovery tell us about our business?
We are a private software company that uses other products to ensure the security of our client’s data. It’s part of our dedication to security that I check for vulnerabilities in all the products we use. If I do find a vulnerability and inform the company immediately, I also take into consideration how quickly they fix the issue and what their process is to address the vulnerability or bug. I’ve turned down partnerships purely on the fact that they didn’t correct an issue. Additionally, it’s important for these companies to announce their vulnerabilities publicly, so that all users know the risk. This is something that Netgear did not do when the issue was first reported to them. In fact, they didn't respond at all.
Why should this matter to our clients?
Our process is another layer of security for them and their employees’ data. We don’t build firewalls and we don’t build routers. We buy other products to do that. But we look at their firmware and technology close enough in order to have a very high confidence in our vendors. Not everyone is doing this. I can guarantee that the bad guys are looking for vulnerabilities, and we have to find them before they do.
If you want to learn more about cybersecurity, watch our special cybersecurity video series below.