CommScope RUCKUS Community Forums

hi,

I have read the Ruckus Security Advisory and also
https://theruckusroom.ruckuswireless.com/wi-fi/2017/10/16/commonsense-approach-uncommon-problem/ and many other stuff.

This all show ruckus in a very bad light. Can we still trust?

Ruckus was informed many weeks/months ago about this issue and the disclosure date.

But the customers was left alone!!

I was informed since two day's (CET timezone) about this issue. I waited for
the public disclosure yesterday and opened a case at ruckus cause no information
about it was found online.

All other major vendors did have the updates ready and informed their customers
at the same time the issue was going public. They had their communication ready
and send it out to their partners and customers at the right time.

Ruckus didn't they don't even inform the partners!!

What I as customer with contract and as partner has expected:

1. No out of office notification if someone mails to your security contact (security@ruckuswireless.com)
   This E-mail has to go to an high priorized and monitored queue in an ticket
   system,

2. That your support people and partners would inform one or two day's before
   the public disclosure.

3. That you have the right communication for all your customers ready and put
   it in the right time on the right places (webside, newsletter, twitter...)

4. That you have your firmware fixes ready to deploy and if it is possible
   some advanced monitoring ready for this issue and for broken clients.

What I now expect:

1. really fast update availability, even for older systems and without contract*

2. transparent communication what went wrong and why

3. better documentation and reporting how to fix the problem in our company's,
   not even on the wireless system side:

    * How to detect clients with this problem
    * For which clients are updates available


I'm located in germany, the public  disclosure was now nearly 24hour away,
even the radio stations here  broadcast informations about this issue faster
then you.

At this morning the German Federal Office for Information Security has send out
an public announcement that all people should update their clients and
accesspoints / routers if possible or contact their vendors for updates.

The phones are ringing with customers, cto's and so on. All want to have a
status about this issue and a dead line then it is fixed.

Yes the major problem are the client's, but the accespoints and controllers
should be fixed also and I expect that I get some help from my wireless system
to detect the problem on the clients if I have a managed wireless solution
not one single accesspoint.

Our company has already rolled out the patcheѕ for our clients.
Even microsoft has the patches already in place.

For me it looks like ruckus has ignored the advisory and now the
try to react on it. This has nothing todo with enterprise support!!

There is absolute no excuse for this!!

For me the trust in your security support is gone, and there must
be very good arguments that we will stay with ruckus after our contract
ended.


* cause how it was happend (see what I expected)