There is nothing quite like reading a blog posting from your competitor that says:
“Very Important Product Doesn’t Work Says NetApp.”
In spite of the claims in the original post, NetApp SnapLock Compliance continues to work.
Why did we not communicate before now? We are certain that it would take malicious intent AND more architectural knowledge than anyone other than our own design engineers possess to exploit the issue. The flaw cannot be exploited by accident.
Was customer data at risk? Only if our customers have staff criminally intent on destroying data. It would become apparent very quickly at a customer site if the flaw had been exploited. In fact, the key point to note is that no vendor can guarantee with 100% assurance that data will never be lost due to any circumstance.
The Compliance business is all about trust and due diligence. NetApp discovered the flaw during rigorous multi-product testing. We have fixed the flaw in a timely manner.
All software companies have bugs; some are more serious than others. If, in NetApp’s judgement, an earlier warning had been warranted, we would have published it. No customer has reported lost or corrupted Compliance data due to this flaw. This was not an issue which warranted earlier communication. That even a required upgrade notification can be so badly distorted into an unwarranted assertion that the product was never compliant only calls into question the motives and credibility of the poster.
Due diligence says customers should upgrade now that we have released versions which fix the flaw.

FYI - I've piled on a little regarding this topic in my own blog :)
http://blogs.netapp.com/exposed/2008/07/responsibility.html
Posted by: Val Bercovici | July 17, 2008 at 01:11 AM
So, what was the problem, and how did Storagezilla find out about it? Enquiring minds want to know!
Posted by: Jered Floyd | July 17, 2008 at 08:18 AM