It seems that I have stirred up a small hornets nest with my
recent
comments on DNP and the Crain-Sistrunk reported vulnerabilities. I’ve had
emails, private LinkedIn® comments and Google+® responses about the situation.
Some of what I’ve been told I’ve been asked not to repeat or to not attribute
and I’ve been promised that there will be more to the story in the not too
distant future.
I’ve had a couple of people (that should know) assure me
that the recent spate of DNP related ICS-CERT advisories are based upon
implementation errors, not inherent errors in the DNP protocol. It also seems
that there may be other ICS protocols that may be undergoing the same type of
detailed review that have resulted in this spate of vulnerability
announcements.
Things are not going to be dull.
Posts
No comments:
Post a Comment