Qualys hit with ransomware: Customer invoices leaked on extortionists' Tor blog

Qualys is the company that thinks its scanner should have unrestricted root access to the systems it scans. So, you know, it can check them for vulnerabilities, including, in due course if not already, a 'vulnerability' invented by some bad actor who has got control of Qualys, the 'checking' for which will conveniently cause a compromise on the systems being checked. On all the systems being checked, everywhere. Which is probably every *nix system in every bank.

Because that will never happen, right? Qualys is so secure you should just trust them with root access to all your systems because that will be just fine. And, well, if it did happen it wouldn't be very bad: does it matter so much if all the money is sucked out of your bank account? Of everyone's bank account?

Well, either the world just dodged a bullet, or it didn't but we don't know yet. Either way I hope Qualys just dies.

(I'm kind of annoyed that I was about 10% of the way through a blog posting on this though: couldn't they have waited so I could have said 'I told you so' at least?)

