> On 22 May 2019, at 20:09, Neil J. McRae <[email protected]> wrote:
> Surprised anyone uses these guys after the way they handled the last vuln they
> had.

Possibly as a result of how they handled that vuln, and the CERT interventions that happened as a result, it appears that their security processes have started to mature:

> We promise you that:
>
> • Your notification will be reviewed with our evaluation of the
> notification and if the problem will be discovered it will be fixed according
> to our internal processes
> • If you have followed the instructions above, we will not take any
> legal action against you in regard to the notification
> • We will not pass on your personal details described in notification
> to third parties without your permission (unless so required under the law
> and request by authorities)
>
> When contacting MikroTik about vulnerabilities, please use the e-mail address
> [email protected]

Quoted from https://mikrotik.com/support (which added the "Responsible disclosure of discovered vulnerabilities" section a little over a week ago)

Hopefully these steps in the right direction will continue.

Marek Isalski
Technical Director, Faelix Limited, https://faelix.net/

Faelix Limited: Security, Networks & Software.
Registered in England and Wales. Office: The Yard, 11 Bent Street, Manchester, M8 8NF. Company: 5852778. VAT: 889 441470.
