I agree there should perhaps have been better controls in place to check for SQL Injection vulnerabilities, and that yeah, some businesses try hard to maximise profits, but I would also say that developers are not infallible :)
Without seeing anything standing out on their website, I think this does show the importance of getting your product regularly security audited by an external third party :)
SQL injection? Oh, good grief. Here I was assuming it was some subtle bug, like use-after-free or using a cryptographic primitive slightly wrong—an honest mistake made by a developer who’s working too hard. But SQL injection vulnerabilities are the result of doing something we’ve been taught for decades to never do, so I can’t imagine any excuse for this.
https://community.progress.com/s/question/0D54Q0000AL2k8jSQB/moveit-transfer-critical-vulnerability-may-2023