Improved Security Testing Procedures
*This article was originally posted on the Pulse Secure blog*
As part of our ongoing commitment to deliver and maintain secure products, Ivanti is investing significant resources to ensure that all our solutions, including the Pulse Connect Secure (PCS) device, continue to meet our high standards. This week, Ivanti released PCS version 9.1R12, which includes enhanced features such as the incorporation of our Pulse Security Integrity Checker Tool directly into the product to create a seamless, more secure customer experience. This built-in feature eliminates the need for scheduled downtime to run an integrity check.
This version also addresses a number of common vulnerabilities and exposures (CVEs) identified as part of a rigorous code review that we have undertaken in close partnership with industry-leading third-party experts. Visit Security Advisory for more information. To our knowledge, none of the CVEs identified in this review have been exploited. Although we have no evidence of threat actors exploiting these CVEs, we strongly recommend customers upgrade to PCS version 9.1R12.
A rigorous code review is just one of the steps we are taking to further bolster our security and protect our customers. For instance, we are also further expanding our existing internal product security resources to ramp up the pace and intensity of testing on existing products as well as those of companies or systems that we integrate into Ivanti.
Security threats across the industry will unfortunately persist. We will continue to partner closely with customers, law enforcement, government agencies and others in the security industry to help identify, prevent and mitigate new and emerging threats and protect our customers. We are grateful to researchers who bring concerns to our attention and would direct any researchers or customers to our Responsible Disclosure Policy.