They should be required to do audits and pen testing yearly due to requirements of government systems. It sounds like SolarWinds worked with pen testing firms that just gave passing grades. Sometimes organizations purposely hire bad security talent so they don't get exposed as doing a bad job.
You mean like how the government hires SolarWinds?
I have a client that uses at least one SolarWinds product and I shudder...
You're saying that they can't ever be wrong in their releases?
No, I'm saying that whether right or wrong is irrelevant. That it happened is what matters. Deciding if it happened accidentally or on purpose is a different discussion. Things happening on accident doesn't make them not have happened.
@Dashrender I'm a 3rd party to the end customer here. Acting as the middle man as the customer's IT department wanted to engage outside support to try and vet different products.
I candidly told the customer that while this product will work, it won't work with all of the features they want without some substantial changes to their infrastructure and that the support (at least from this vendor) is pretty awful.
The simple approach here is to not integrate RFID/HIDs to the system and simply use the AD Integration with the built-in QR codes that each member is assigned.
Just because something may be supported, doesn't imply that it is support.
Except in this case the vendor very clearly has stated they support you adding custom attributes within AD.
saying "Well, Johnny is just a better employee than you, so I choose to pay him more," that isn't going to make people happy, it will likely make them less happy...
You are looking at it from the employer's perspective. Of course it doesn't help the employer. It helps the employee when they can see what X work is worth. If employee 1 makes X for a job, and employee 2 wants to know their own value, they have something to go on. If you don't know what others are paid you have almost nothing to go on.
Remember on Spiceworks when loads of people would claim that $65K was the IT industry cap? Imagine if people (and companies) were able to repeat that without anyone speaking up! People would surmise that if $65K is the top for a CIO, that a system admin must cap out at $50K and a helpdesk tech at $9/hr!
But in the real world, we know that CIOs make well into the seven figure range, admins can get well into the multiple six figures. Even good help desk leads can hit six figures. If we didn't have others to compare against, it's easy to see people misunderstanding the scope of the industry by an order of magnitude.