"We fully support the timely disclosure of vulnerability details when a fix is released," writes Daniel Gallo, TeamCity solutions engineer at JetBrains. "However, we provide only the necessary details for customers to understand the vulnerability's scope and severity, enabling them to take the appropriate actions, but without disclosing so much information that it facilitates straightforward exploitation."
"This was due to the immediate availability of publicly documented exploit examples published by Rapid7, which meant attackers of any skill level had all the resources they needed to quickly exploit the vulnerabilities in the wild," says Gallo.
[
add
]
[
|
|
...
]