> Earlier today, a former Chef employee removed several Ruby Gems, impacting production systems for a number of our customers.
That's some horrendous infosec. Why would ICE or anyone use this?
Can't Chef use, err, Chef or something like that to remove all credentials as soon as employees leave the organization?
It was his own gem, hosted under his own account, not Chef's. It's apparently just relied on by almost the entire Chef ecosystem, including Chef's own systems.
8 comments
[ 4.6 ms ] story [ 34.6 ms ] threadThat should have been Chef's only response, really. (That, and they still need to explain how a former developer somehow managed to break something.)
That's some horrendous infosec. Why would ICE or anyone use this? Can't Chef use, err, Chef or something like that to remove all credentials as soon as employees leave the organization?
https://blog.chef.io/2019/09/23/an-important-update-from-che...