We will soon be disclosing CVE details and write-ups of two critical vulnerabilities we recently discovered in the online appointment & booking system, SimplyBook.me.
Recently, we had to integrate an online booking system into our website so that clients can more easily access our courses and training at a time that suits them.
So as you can imagine, no self respecting cyber security company would implement such a platform without first seeking permission to conduct their own security testing, carrying out the necessary security tests, and reporting any findings to the vendor so they can improve their product.
To cut a long story short, we went with SimplyBook.me as our platform of choice because it’s a great easy to use product that did just what we needed. But also mainly due to the positive and proactive approach they took as a company when we reported two separate critical vulnerabilities in their platform to their security team.
It’s important to understand, every software product has security bugs in it! The best we can all do is try to create a positive dialogue between researchers and product vendors so the steps needed to fix problems can be taken efficiently and smoothly.
To be honest, we were anxious about approaching the company with the details of what we’d discovered, but we needn’t have been. The support and security teams we dealt with behaved in the best possible way we could have expected, which was great to see.
It will take a little time for the devs to provide fixes and we won’t provide any details of the vulnerabilities or exploits until then. But check back soon and be sure to read about our findings when we publish them.
Thanks for reading…
See you next time,