http://www.theregister.co.uk/2013/03/12/open_source_monitoring_software_bug/ By John Leyden The Register 12th March 2013 An open-source IT monitoring software firm has clashed with a security consultancy over the seriousness of a security bug in its technology. GroundWork’s technology provides a platform for IT operations management (network, system, application, and cloud monitoring) that is used by customers including Hitachi Data Systems, the Royal Bank of Canada, NATO, National Australia Bank, Siemens, and Tivo, among many others. Security bods at SEC Consult last week published an advisory warning of “multiple critical vulnerabilities” in the GroundWork Monitor Enterprise platform. The firm said that many of the flaws cover authentication problems and claimed they are so serious that customers ought to avoid using the technology until the flaws are patched. The Austrian security consultancy also published a separate bulletin warning of other “high risk” bugs. In response, GroundWork said its users were looking for “ease of use” rather than “maximum security”. It didn’t release a patch and told its users that tightening up settings was optional. […] ______________________________________________ Attend #HITB2013AMS April 8th – 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org