Has anyone considered that maybe Fortinet is a really long-running practical joke? https://fortiguard.fortinet.com/psirt/FG-IR-25-513
This one is authenticated command injection in FortiWeb, CVE-2025-58034.
@mttaggart How they still get business baffles me...
@mttaggart Yes. And it was quite the late Patch Tuesday for them.
@catsalad @mttaggart A lot of IT people don't know how bad they are. They're so flooded with vulns they constantly have to patch that it's hard for them to see the scale of Fortinet's trash.
@cR0w @catsalad @mttaggart The price vs feature set isn't too bad for a small business to absorb. Vulns aside, they've been one of the better non-enterprise grade firewalls I've had to manage.
@CrabbyIT @catsalad @mttaggart Cost, management, and usability are why I used to use them too. It's too bad that the QA / security testing doesn't keep up as it should.
@cR0w @catsalad @mttaggart What is a good alternative these days?
@CrabbyIT @catsalad @mttaggart That's the problem: I don't know that there is one.
@cR0w @CrabbyIT @mttaggart No need to improve when you don't have viable competition and can buy the ones that pop up. 🤷♀️
@cR0w @catsalad @mttaggart I will also note that IT teams are highly variable.
@mhkohne @cR0w @mttaggart Just like my sleep schedule!
@cR0w @catsalad @CrabbyIT @mttaggart
Turns out the real APT was unregulated capitalism all along