Additional Detail About Product Vulnerabilities Recently Disclosed

News

We at Kaseya take the security of our products very seriously and we would like to provide some additional detail about the product vulnerabilities that we recently disclosed:

  1. Security awareness is built into Kaseya’s R&D processes and as the leader in the RMM market, we hold ourselves to the same high standards regarding responsible security disclosures as other market leaders such as Oracle, Microsoft, and Cisco — and, regrettably, vulnerabilities are found in all of software products.
  2. Our security incident response process worked — we were contacted by the security researcher who discovered the vulnerability and we commenced analysis with him and what would be required to fix it.   The researcher followed the industry practice of not disclosing the vulnerability for a fixed period of time to allow us time to mitigate it.
  3. We then developed a patch for this complex issue for all affected version, so that our customers would not be forced to do an emergency upgrade to mitigate this vulnerability.
  4. We then notified our users of the vulnerability and the upcoming availability of a patch and advised them to schedule the update before the vulnerability was disclosed on September 11th.  This gave them time to deploy the patch during one of their normal maintenance windows so that customer-facing operations were not affected.
  5. The responsible party then disclosed the vulnerability after our customers had ample opportunity to apply the patch.

For an in depth discussion on how seriously we take security in our R&D processes at Kaseya, please read the following blog post by our CTO, Dana Epp, who is a well-known industry expert in security.

Posted by Mike Puglia
Mike Puglia
Mike Puglia brings over 20 years of technology, strategy, sales and marketing experience to his role as Kaseya’s chief customer marketing officer. He is responsible for overall customer marketing, management and development across Kaseya’s portfolio of solutions. Prior to joining Kaseya, Mr. Puglia was vice president of marketing for TimeTrade Systems, where he managed and executed on marketing programs and communications strategy. Mr. Puglia joined TimeTrade from Salesforce.com, where he led the technical program management integration of real-time collaboration technologies into Salesforce’s Chatter Social Enterprise platform. Prior to his role at Salesforce, Mr. Puglia was vice president of marketing at Dimdim, a provider of cloud-based collaboration software, which was acquired by Salesforce in 2011.
2019 Connect IT Techie Awards Presentation

Connect IT Global: Day 3 Recap (It’s a Wrap!)

What a conference it’s been! Building on the success of previous Kaseya conferences, this first-ever Connect IT Global was THERead More

Connect IT Lighted Sign

Connect IT Global: Day 2 Recap

For attendees at Connect IT Global, Day 2 was full of opportunities to learn and be excellent across three keyRead More

IT Glue A Kaseya Company

Connect IT Global: IT Glue Offers Limited Release of Network Glue for Powerful Network Discovery, Documentation, and Diagramming

Announced at Connect IT Global, Network Glue automates capturing, displaying, and refreshing network device information inside of IT Glue accounts. NetworkRead More

Connect Global IT - Fred Voccola Keynote

Connect IT Global: Day 1 Recap

What a day it was – building on the Pre-Conference energy (packed training sessions! an exciting Customer Success Council includingRead More

Connect IT Asia-Pacific - Don't Miss the Premier IT Management Event of the Year - Join Us in Sydney 1-3 October 2019 - Register Now

Archives

Categories