Reply to post: Re: Reality bites

Equifax's disastrous Struts patching blunder: THOUSANDS of other orgs did it too

Amos1

Re: Reality bites

"This Struts issue is one of the drawbacks of libraries that ship in the folder with the code rather than patches applied at the OS level..."

Correct, and this is why the STRUTS and other problems are actually far, far more prevalent than companies believe. Vulnerability scanners just look in default locations unless you specify the correct path. Vulnerability scanner vendors are now listing a warning that they may only find vulnerable components if installed in default paths.

But companies won't care because they can just blame the hack on their defective scanner. Less findings = less work.
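An inventory sweep that does not depend on default install paths, as an added example that is not part of the original comment or any scanner vendor's code: it walks a directory tree and reports every bundled Struts 2 core jar, including copies packed inside WAR/EAR archives. The `struts2-core-<version>.jar` naming pattern is an assumption, and the paths and version numbers in `demo()` are constructed.

```python
import io
import os
import re
import tempfile
import zipfile

# Assumption: bundled copies keep the struts2-core-<version>.jar file name.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")
ARCHIVE_EXT = (".war", ".ear", ".jar", ".zip")

def _scan_archive(data, label, hits, depth=0):
    """Search archive bytes for Struts jars, recursing into nested archives."""
    if depth > 3:  # stop on pathological nesting
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            inner = f"{label}!/{name}"
            m = JAR_RE.search(name)
            if m:
                hits.append((inner, m.group(1)))
            elif name.lower().endswith(ARCHIVE_EXT):
                _scan_archive(zf.read(name), inner, hits, depth + 1)

def find_struts(root):
    """Return sorted (location, version) pairs for every copy found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            m = JAR_RE.search(fname)
            if m:
                hits.append((path, m.group(1)))
            elif fname.lower().endswith(ARCHIVE_EXT):
                with open(path, "rb") as fh:
                    _scan_archive(fh.read(), path, hits)
    return sorted(hits)

def demo():
    """Constructed tree: one loose jar in an app folder, one buried in a WAR."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "opt", "app1", "lib")
        deploy = os.path.join(root, "srv", "deploy")
        os.makedirs(lib)
        os.makedirs(deploy)
        open(os.path.join(lib, "struts2-core-0.0.1.jar"), "wb").close()
        with zipfile.ZipFile(os.path.join(deploy, "portal.war"), "w") as war:
            war.writestr("WEB-INF/lib/struts2-core-0.0.2.jar", b"")
        return [(os.path.relpath(p, root), v) for p, v in find_struts(root)]
```

Point `find_struts` at the application and deployment roots rather than the package manager's directories; the reported versions still have to be compared against the vendor's advisory by hand.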
