Scores of Vulnerable SAP Deployments Uncovered

mask.of.sanity writes "Hundreds of organizations have been detected running dangerously vulnerable versions of SAP that were more than seven years old and thousands more have placed their critical data at risk by exposing SAP applications to the public Internet. The new research found the SAP services were inadvertently made accessible thanks to a common misconception that SAP systems were not publicly-facing and remotely-accessible. The SAP services contained dangerous vulnerabilities which were since patched by the vendor but had not been applied."

Re:Law should require transparency

[cusco]

Or my particular headache, you run a 24x7x365 enterprise app distributed across 18 different countries on every continent but Antarctica. We're two years behind on updates because we can't take the system down for an hour.

Re:Security and Market Dominance by Obscurity

[Rob_Bryerton]

ERP = Enterprise Resource Planning, a bad name for a general class of business software that does just about anything, from billing to shipping & receiving, warehouse automation, reporting, etc, etc. Basically a somewhat integrated suite of applications that tie all (or many) aspects of a business together, implementing business processes in software.

Implementations typically run in timescales of years and millions of dollars, with teams of developers, DBAs, etc. The software suite is a canned solution that you then slightly (or vastly) modify to tailor to your business needs. ( My job as a systems & storage administrator at a major US-based snack food company has me managing the ~30 Linux servers that run our Oracle databases on the DB tier and Oracle EBusiness suite at the application tier, backed by all manner of storage arrays, NAS devices, FC SANs, load balancers, etc, etc. Fun stuff! )

Think of it as Quicken, but on a very large scale.