36 firms at risk from that unpatched 2010 SAP vuln? Try 500+

A vulnerability in SAP systems that some enterprises have failed to patch for six years is more difficult to fix than previously reported, and estimates of enterprise exposure are far too low, according to the security consultancy that originally found it. US-CERT took the unprecedented move on Wednesday of enumerating in an …

  1. Anonymous Coward

    Nothing is trivial with SAP. But if you have a system that you can't patch because you don't know the dependencies and don't understand the impact of a software change, then you have a lot of issues.

    It might be difficult but 6 years?!

    I hope the CFOs of said companies are aware of the risk to their businesses of compromised software. SOX makes 'em personally liable...

    1. Anonymous Coward

      Maybe the "if it is expensive then it must be good" factor is at play here. The main problem with that attitude is that oversight is usually an area where employees follow the leaders, so if you never ask, you'll only hear good news.

      SOX is not likely to touch larger SAP installations management because there should be a paper-trail at more than one level about solving incidents, so higher-level management is covered.

      1. Roland6

        Maybe the "if it is expensive then it must be good" factor is at play here.

        No the first AC had it right: nothing is trivial with ERP. I suspect that in many cases the host OS may also be years behind on patches...

  2. Aodhhan

    Once again...

    John Leyden tries to get cute with a headline and bunks up what the story is really saying.

    Don't worry John, you're not the only pseudo parajournalist on this site who doesn't know the difference between a subject and an object when writing.

