That is good to see. On 22 May 2019, at 20:27, Marek Isalski <[email protected]> wrote:
>> On 22 May 2019, at 20:09, Neil J. McRae <[email protected]> wrote: >> Surprised anyone uses these guys after the way they handed the last vuln >> they had. > > Possibly as a result of how they handled that vuln, and the CERT > interventions that happened as a result, it appears that their security > processes have started to mature: > >> We promise you that: >> >> • Your notification will be reviewed with our evaluation of the >> notification and if the problem will be discovered it will be fixed >> according to our internal processes >> • If you have followed the instructions above, we will not take any legal >> action against you in regard to the notification >> • We will not pass on your personal details described in notification to >> third parties without your permission (unless so required under the law and >> request by authorities) >> >> When contacting MikroTik about vulnerabilities, please use the e-mail >> address [email protected] > > > Quoted from https://mikrotik.com/support (which added the "Responsible > disclosure of discovered vulnerabilities" section a little over a week ago) > > Hopefully these steps in the right direction will continue. > > Marek Isalski > Technical Director, Faelix Limited, https://faelix.net/ > > Faelix Limited: Security, Networks & Software. Registered in England and > Wales. Office: The Yard, 11 Bent Street, Manchester, M8 8NF. Company: > 5852778. VAT: 889 441470. >
