▲ 22 r/vmware
VMware - "Trust me bro"
How do we all feel about https://knowledge.broadcom.com/external/article/414415/authenticated-network-scan-of-vcf-infras.html ?
Government teams (or public sector where it applies), how are you handling this? How have you been handling VMware's third party scans? (subtracting false positives). We're seeing CVSS > 9 and above reports for current supported releases. Official VMware support has been...typical.
This has always been a sore spot talking to security personnel, and that article seems like they are slinking away from any responsibility.
EDIT: Nobody that responded seems to be held against NIST SP 800-53. Anybody of relevance want to chime in? Are you just risk accepting the whole appliance?
u/enowai88 — 7 days ago