Our product has several security levels that most of our customers take advantage of. However, our security is not designed to stop attackers who breach a company’s IT defenses and are then able to masquerade as legitimate users.
(Vocus) March 5, 2010
Perforce Software as well as other companies, whose applications house critical data, was the subject of a White Paper issued by McAfee on March 3, 2010.
As the White Paper states, Perforce “has long been a staple of source code control systems and has thousands of customers. Its products are used by the largest Fortune 1,000 companies.” It stands to reason that when hackers are looking for a company’s intellectual property (IP), they would look to Perforce where the content is versioned and managed.
Christopher Seiwald, President and Chief Technology Officer of Perforce Software said, “Our product has several security levels that most of our customers take advantage of. However, our security is not designed to stop attackers who breach a company’s IT defenses and are then able to masquerade as legitimate users. We use our own product, Perforce, to develop our product and we use security software to protect ourselves.”
McAfee’s White Paper and Perforce
According to MacAfee’s White Paper, hackers used an Internet Explorer exploit to masquerade as our customers' legitimate users. They then accessed Perforce as legitimate users in an attempt to steal IP.
In addition, McAfee Labs reviewed the freely available version of our SCM system aimed specifically at people evaluating Perforce and casual users. Many of the vulnerabilities McAfee identified were due to running our product with security turned ‘off’, which is how we distribute the trial version of our SCM system. In addition, they did not determine these vulnerabilities played a role in the recent attacks.
What We Are Doing
Last week we received a preliminary version of McAfee’s findings. We plan to follow the recommendations McAfee has suggested. These improvements are aimed at ensuring legitimate users stay within their bounds.
We are issuing a reminder to our customers to run Perforce with the security turned ‘on’ as well as other security recommendations.
About the Perforce SCM System
Perforce, the Fast Software Configuration Management System, is an award- winning tool that versions and manages source code and digital assets for enterprises large and small. Perforce is easy to install, learn and administer; seamlessly handles distributed development; and supports developers across a large number of platforms. Perforce ensures development integrity by grouping multi-file updates into atomic changes, enables concurrent development, and intelligently manages multiple software releases using its Inter-File Branching system.
About Perforce Software
Founded in 1995, Perforce Software Inc. develops, markets and supports Perforce, the Fast Software Configuration Management System. Perforce Software is headquartered in Alameda, Calif., and sells worldwide. The company has international operations in Europe, Japan and Australia. In addition to application software companies, Perforce customers represent a broad range of industries including game development, electronics, pharmaceutical and financial