About Machine emails 2022-03-01
- Under normal conditions, an email is sent to users to let them know about a comment made by our team with the result of a requested re-attack. This applies to both Machine and Squad plans. Currently, we are working on giving more useful information in the comments for re-attacks performed by Machine. Due to an error in the logic, the comment was being made for every vulnerability found by Machine, whether it had a re-attack requested or not.
What we’ve done
- We reverted the change that introduced this flaw into the code. We also stopped all Machine executions that were running with a version of the code that had the bug.
What’s the impact
- Over 15.000 emails were sent to our customers whose code was analyzed by Machine before we detected the issue.
- Some findings may have a lot of comments made by Machine.
What we are doing to help
- We are going to review the faulty logic to fix it, and we are going to add more test cases before deploying it to production.
- We are going to track the added comments and delete them from the database, so the users' Consulting section is not full of useless comments.