JetBrains: "We've fixed some things in TeamCity, but we won't say what exactly"

Why the policy of total opacity has become the hallmark of a well-known company.

JetBrains' recent update to TeamCity, its continuous integration and delivery (CI/CD) software, fixed 26 security issues, but the company did not consider it necessary to disclose even some details about the identified vulnerabilities, which sparked heated discussion in the professional community.

The TeamCity version 2024.03 update is designed to protect users from potential threats, but the lack of any details about the 26 vulnerabilities has genuinely surprised security experts. The company's approach to information disclosure drew particular criticism after the incident with Rapid7 experts, who accused JetBrains of insufficient transparency.

JetBrains claims it is withholding details solely to protect customers using previous versions of TeamCity, but this is not common practice in the industry.

However, the company's motives are understandable. TeamCity remains a highly attractive target for attackers seeking to compromise the software supply chain. History shows that such attacks can have extremely serious consequences, as was the case with SolarWinds, for example.

According to Elliott Wilkes, CTO of Advanced Cyber Defense Systems (ACDS), JetBrains' lack of transparency may well be related to recent ransomware attacks, which forced the company to take additional precautions.

In addition, the new version of TeamCity includes a feature for semi-automatic downloading of critical security updates for users of on-prem versions of the software. Previously, this feature was only available for cloud installations, and this step definitely shows JetBrains' desire to improve the security of its systems as much as possible.

Modern threats require organizations to be constantly vigilant and ready to respond to security incidents, especially in the context of the increasing complexity of attacks on software supply chains.

JetBrains' transparency policy is definitely not in line with generally accepted standards and regulations, but this approach also pays off and can have a positive impact on customer safety.
 