1 comment

[ 3.2 ms ] story [ 7.0 ms ] thread
> Duo responded immediately, got the technical team on a call shortly thereafter, had fixed it before the call and started an incident response process to identify any prior exploitation attempts (they found ours). In follow up calls they openly shared the results of what they had found and done during the fix and find phase. We are Duo customers ourselves, and this interaction gave me significant faith in their security and engineering processes.

I cringe when I'm about to read these disclosures. Often they involve some kind of ludicrous response or vendors who drag their feet. Good job, Duo!