WELCOME
to the house of Harry Plopper
"The risk of BMC vulnerabilities is that any new feature is going to be released in a new release of a client and it will be used for the next release," says Edward Tufte of the security team at Eclypsium. "The primary implication is that a new feature may be released every time a new client is released and it will be used to replace it. That could mean a new client in the future, or a different client in the future.
"With that said, we believe that there are many reasons why it could be helpful to have the security patch that will allow us to have the security patch that allows us to have the security patch that enables the next release. For this reason, we are working to do a pre-test of the patch that allows us to update the vulnerability to the next release."
In other words, the security patch can take down critical software before the next one is available. Even a small number of commercial cloud providers provide vulnerable, highly scalable systems, but they can't offer a pre-beta version of a software that they can only be trusted to secure.
"BMC is a very vulnerable component that we're looking at in terms of how it could be used to gain access to the next release of the software that we're getting," says Tufte. "It's kind of a different way of putting it. It could be used as a pre-beta version of the software, or it could be used as an application that we use as a pre-installation system for our other applications. It could be used to get into the next release of the software that we're getting. So we're looking at it more as a pre-test than a release, because we are looking to make sure that there are no vulnerabilities in the software that could be exploited."
BMC vulnerabilities are not rare. In 2004, security consultant Jim White, who had worked on the commercial version of Apache Linux before becoming a security consultant at HP, wrote a blog post detailing how he experienced a problem with a company that worked for IBM that he had patched through the company's security software. In a blog post titled "Apache Linux Vulnerability: How to Protect Your Data," the security consultant asked IBM employees to help him with a vulnerability that made it possible for a hacker to break into the service and steal information about the servers, including the software and data on them.
White says it was impossible to secure the service, and he had to pay $200,000 to repair the