amanfromMars 1 Fri 23 Jun 08:26 [2306230826] …….. passes comment on https://www.theregister.com/2023/06/22/the_log4j_vulnerability_how_can/

Remote Weapons of Mass Virtual Destruction

Darktrace PREVENT helps here, playing the role of an attacker looking for weak points in a system. It’s a powerful tool that gives defenders a much better understanding of how they are exposed to potential wrongdoing, says Lewis. “It’s more than a simple vulnerability scan,” he explains.

That is all very well, and it may be very helpful, but …… whenever playing the role of an attacker/legitimate penetrations tester has one discovering/uncovering wilful systemic wrongdoing by that which is being betatested/penetrations tested, is the powerful tool morphed into an almighty problematic status quo dilemma rendering effected systems vulnerable to insider trading/vulnerability export attack.

Log4j and ransomware have brought home to everybody that there are some risks you don’t control but which nonetheless you can’t ignore. As a result, we may be seeing a more pragmatic approach to managing security risk amongst organisations which have moved on from seeing it as a line in a budget and a regulatory box to be ticked.

Lewis concludes: “At Darktrace we want to ensure the least possible disruption to see to it that everybody keeps their job.”

That pragmatic approach may have to accept and make adequate provision for the payment of Danegeld to discoverers/holders/guardians of Remote Weapons of Mass Virtual Destruction.

[Mail The Register
Thanks for that. Your comments have been sent to The Register’s encrypted message desk.]