A researcher found zero-days in one city’s software. Then he realized the problem could be bigger.

I’m glad for researchers. According to this article, whose title I’m using for this post, a city was involved where researchers found problems within its software.

For Quentin Rhoads-Herrera, this was not a typical security test.

A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects.

More than a dozen zero-days were found, according to the article.

The product, known as CIPAce, has been used by public and private sector organizations to collect invoices and manage contracts and budgets, according to CIPPlanner Corp., the company that makes it.

“If one attacker happens to exploit this city, then they can look and see, easily, every other city that’s using this … and attack them using the same methods,” said Rhoads-Herrera, a penetration tester at CriticalStart, a Texas-based cybersecurity company. He tried to contact another municipality to warn it about the issue.

I want to acknowledge these researchers for doing the job required to keep our software safe! Without you, ransomware and all kinds of things can be used to harm our governments, and that could be a problem. Thank you so much for all you do in this field.

To learn more about this initiative, read this CyberScoop article: A researcher found zero-days in one city’s software. Then he realized the problem could be bigger. And let’s praise these people for doing the job required to keep us safe.
