[UPDATE] Welcome to all of our CA readers.
Secunia took a strip off CA in their report released last week and based on their track record (.pdf) who can really blame them?
From CNET:
One CA product particularly criticized by Secunia was ARCserve Backup, which the security company said was poorly coded.
“ARCserve is inherently insecure,” Thomas Kristensen, Secunia’s chief technology officer, told CNET News.com sister site ZDNet UK on Tuesday. “It’s poor code, with a poor design. An internal code review should have revealed problems in the code that needed to be fixed before the product was launched.”
In a statement sent to ZDNet UK, CA said that it was improving its quality-assurance procedures.
“CA takes software security very seriously,” said the statement. “CA works continuously to prevent and proactively identify and address vulnerabilities. We have rigorous quality-control measures in place for our software, and we continue to improve those measures.”
Um, OK. I’m a little torn here as I routinely submit vulnerabilities to vendors to have them fixed and (with one glaring exception) they are always responsive and the problems actually are addressed. Hopefully CA can get their act together.
[tags]CA Software, Computer Associates, Secunia Report, ARCserve[/tags]
