The purpose of cybersecurity products and companies is not to sell security. It's to sell the illusion of security to (often incompetent) execs - which is perfectly fine because the market doesn't actually punish security breaches so an illusion is all that's needed. It is an insanely lucrative industry selling luxury-grade snake oil.

Actual cybersecurity isn't something you can just buy off-the-shelf and requires skill and making every single person in the org to give a shit about it, which is already hard to achieve, and even more so when you've tried for years to pay them as little as you can get away with.

If crowdstrike is any indicator, expect Ivanti stock to go up now. Seems to be the mo for security companies. Fuck up, get paid.

> How they haven't been sued into bankruptcy is something I'll never understand.

Isn't most off-the-shelf software effectively always supplied without any kind of warranty? What grounds would the lawsuit have?

Well, next week there will be a similar vulnerability Fortinet and everyone will momentarily forget about Ivanti again :-)