2 comments

[ 2.9 ms ] story [ 17.6 ms ] thread
Sounds like they weren't paying attention to CVEs

Since it came out a couple months before the breach

heck - just needed to read one more paragraph down:

> "The cited Apache Struts flaw dates back to March, according to a public vulnerability disclosure. Patches were released for the vulnerability, suggesting that Equifax did not install the security updates."