10. Carbon Black
Security solution provider DirectDefense said in August it had discovered a significant data leak in Carbon Black's endpoint detection and response (EDR) offering that was exposing thousands of files and critical data on the security vendor's customers.
The data leak centers on the third-party, cloud-based multi-scanner service to which Carbon Black uploads files so that multiple anti-virus engines can determine whether they are good or bad, according to DirectDefense CEO Jim Broome.
Any files uploaded by the EDR offering and then forwarded to the cloud-based multi-scanner were available for sale to anyone who wanted them and was willing to pay, according to DirectDefense. That involves the sale of the files submitted as samples of malware.
Carbon Black called DirectDefense's report incorrect, saying that its optional data exfiltration feature is turned off by default and allows customers to share information with external sources to better detect threats. DirectDefense is a top partner of Carbon Black competitor Cylance, advocating in many of its blog posts for the technology.