Subgraph Vega Test

U

User7777

New Member
Joined
Aug 23, 2015
Messages
2
Reaction score
0
Our company are looking into using an online CRM solution developed in South Africa for our specific industry.
However we are not sure if these guys are actually safe. A Vega test revealed several high risk vulnerabilities.
  • Clear-text over HTTP
  • Cross Site Scripting
  • Shell injections
  • Session cookies without secure flags

So my main question would be, would you consider it worthwhile to clear up with them or rather hit an miss.
 
User7777 said:
Our company are looking into using an online CRM solution developed in South Africa for our specific industry.
However we are not sure if these guys are actually safe. A Vega test revealed several high risk vulnerabilities.
  • Clear-text over HTTP
  • Cross Site Scripting
  • Shell injections
  • Session cookies without secure flags

So my main question would be, would you consider it worthwhile to clear up with them or rather hit an miss.
Click to expand...

If the product is good from a functionality perspective, I'd let the vendor know about they problems, and see how they address them.

All software is going to have bugs, it's how the vendor behaves when they find out about them that really matters. Trying to downplay code exec and xss vulnerabilities indicates that they don't get security at all, in which case, run, don't walk, to the next best product.

If they accept them, appreciate your finding them, and fix them quickly and comprehensively, they may be worth supporting.
 
RoganDawes said:
If the product is good from a functionality perspective, I'd let the vendor know about they problems, and see how they address them.

All software is going to have bugs, it's how the vendor behaves when they find out about them that really matters. Trying to downplay code exec and xss vulnerabilities indicates that they don't get security at all, in which case, run, don't walk, to the next best product.

If they accept them, appreciate your finding them, and fix them quickly and comprehensively, they may be worth supporting.
Click to expand...

Thanks, well yes the functionality does look potentially great.
Will contact them before we sign any papers to see if we can meet some middle ground beforehand.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X