What happened 

• In normal conditions, an email is sent to the users to let them know about a comment made by our team with the result of a requested re-attack. This applies for both Machine and Squad plans. Currently, we are working on giving more useful information in the comments for re-attacks performed by Machine. Due to an error in the logic, the comment was being made for every vulnerability found by Machine, whether it had a re-attack requested or not.

What we’ve done 

• We reverted the change that brought this flaw in the code. We also stopped all Machine executions that were running with a version of the code which had the bug.

What’s the impact 

• Over 15.000 emails were sent to our customers whose code was analyzed by Machine before we detected the issue.
• Some findings may have a lot of comments made by Machine.

What we are doing to help 

• We are going to review the bugged logic to fix it, and we are going to increase the test cases before deploying it to production.
• We are going to track the added comments and delete them from the database, so the users Consulting section is not full of useless comments.