"One thing always funny about people complaining about tweetable bugs like the F5 bug is that they somehow assume that it was never found and used as 0day, so patching 'fast' is a good solution," Aitel tweeted out on Tuesday (AEDT), in a somewhat sarcastic take on the issue.
— daveaitel (@daveaitel) July 6, 2020
The bug was widely reported in the American and other tech media on Monday (AEDT).
Over the weekend, F5 issued an advisory urging people to patch what it characterised as a dangerous security flaw that it said was extremely likely to be exploited.
BIG-IP is one of the more popular networking devices in use and is deployed by governments globally, by ISPs, in cloud computing data centres and across business networks.
The company claims that 48 out of the top Fortune 50 companies use BIG-IP devices.
Aitel has close connections to the cracker community, having sold zero-days to rustle up cash when he was starting out in business. He founded the firm Immunity, and sold it to Cyxtera Technologies last year. Immunity was set up by Aitel when he was just 24, after spending six years with the NSA.
Immunity has a business model of discovering or buying exploits and then using that knowledge to protect its own customers. The exploits are never revealed to the companies whose software is affected, something that mirrors the practice of the NSA.
Indeed, Aitel is ex-NSA, a fact that he does not publicise much, but one which has earned him great respect in the information security business.
He is also known for taunting people about issues to do with security, especially when the NSA is criticised.
"Blaming people who tell you about the problem is as useful as blaming the COVID-19 tests for creating the disease," Aitel added in another tweet.