{"id":724,"date":"2018-05-16T17:00:26","date_gmt":"2018-05-16T17:00:26","guid":{"rendered":"http:\/\/498b7db8-9196-4e4a-9ffc-116e28f7d9ef"},"modified":"2018-05-16T17:00:26","modified_gmt":"2018-05-16T17:00:26","slug":"security-vendors-need-to-stop-doing-more-harm-than-good","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/","title":{"rendered":"Security vendors need to stop doing more harm than good"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2018\/05\/16\/499b48f7-2f39-49c0-b000-79dfe2dddcfe\/thumbnail\/770x578\/afdf7ed8a69c953f8a7c45d6dc2010bd\/thefixpillman2.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p><em>Video: What security vendors can do to earn some credibility<\/em><\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"><span class=\"int\">More security news<\/span><\/h3>\n<\/div>\n<p>Much like physicians, <a href=\"https:\/\/www.zdnet.com\/topic\/security\/\" target=\"_blank\">security vendors<\/a> prescribe remedies for their customers&#8217; ailments.<\/p>\n<p>Unlike physicians, no <a href=\"https:\/\/www.zdnet.com\/article\/should-ai-bots-lie\/\" target=\"_blank\">Hippocratic oath<\/a> exists for security vendors. What if our industry operated under a basic tenet like &#8220;First, do no harm?&#8221; Instead, security vendors continue to add new layers of complexity, and therefore new attack surfaces, with the intention of solving a security problem on the stack below.<\/p>\n<p>Their rationale? That it is better than doing nothing or better than what the customer had in place the day before.<\/p>\n<p><strong>Read also: <a href=\"https:\/\/www.zdnet.com\/article\/cybersecurity-how-to-devise-a-winning-strategy\/\">Cybersecurity: How to devise a winning strategy<\/a><\/strong><\/p>\n<p>This argument is short-sighted and indicates a lack of comprehension of the risk they are imparting to their customers. Is it intentional or mere ignorance on the part of the vendors? And what can enterprises do to protect themselves? How do we get to a new cybersecurity industry ethos, focused on viable solutions and committed to doing no harm?<\/p>\n<h3><strong>The cure is worse than the disease<\/strong><\/h3>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>Apple, Google, and Microsoft have spent millions of dollars, on both technology and developers, to lock down the OS and build resiliency subsystems to make exploitation highly expensive for the attacker in terms of time and labor &#8212; for example, <a href=\"https:\/\/www.zdnet.com\/article\/the-end-is-nigh-for-ios-jailbreaking\/\" target=\"_blank\">jailbreaking<\/a> or sandbox evasion.<\/p>\n<p>And yet, security vendors (including many of the biggest brands in endpoint, network security and container security) introduce new vulnerabilities and additional risk by breaking the default security boundaries established in all the major operating systems.<\/p>\n<p>Many endpoint and network security vendors introduce new attack surfaces by adding complexity. Instead of looking at the root cause of an issue, they continue to branch out and apply point solutions.<\/p>\n<p>Sometimes, these solutions break the default secure design principles established by the platform vendors. Endpoint and anti-virus software vendors that do not use privilege-separation and sandboxing therefore create a new and large attack surface at the highest privilege level of the endpoint.<\/p>\n<p>Network security appliances are essentially <a href=\"https:\/\/www.zdnet.com\/article\/google-just-added-these-antivirus-features-to-chrome-for-windows\/\" target=\"_blank\">anti-virus software<\/a> inlined at critical vantage point of a network and suffer from same diagnosis as above.<\/p>\n<p>Infrastructure security vendors expose guest virtual machine data streams to a complex parser running at the host with root privileges. The <a href=\"https:\/\/www.zdnet.com\/article\/kubernetes-1-10-improving-storage-security-and-networking\/\" target=\"_blank\">container security vendor<\/a> corollary to that would be exposing the data streams from a container to an agent running at a high-privilege level at the host.<\/p>\n<p>In addition to the clearly risky behaviors above, there is a whole subset of solutions that I call homeopathic. Essentially, these do no harm &#8212; but also do not solve any problems. You can safely list most of the governance, risk, and compliance (GRC) solutions under this subset.<\/p>\n<p><strong>Read also: <a href=\"https:\/\/www.zdnet.com\/article\/vendor-selection-what-needs-to-be-in-a-good-policy\/\">Vendor selection: What needs to be in a good policy<\/a><\/strong><\/p>\n<p>As an industry, we do a disservice to our customers and the trust that they put in us when we not only solve their real security issues but expose them to much worse. That network appliance on the tap port is a higher order systemic risk than anything else they endured the day before its installation.<\/p>\n<h3><strong>Snake oil or solution? How to tell the difference<\/strong><\/h3>\n<p>In my experience, many <a href=\"https:\/\/www.zdnet.com\/topic\/enterprise-software\/\" target=\"_blank\">enterprise IT professionals<\/a> feel confused by the claims of vendors and the conflicting attacks they lob at each other.<\/p>\n<p>Here are a few tips and questions that help cut through the morass of mixed messages and get to the truth behind the hype.<\/p>\n<ol>\n<li><strong>How easy is the product to acquire?<\/strong> If the software is cloaked in secrecy, beware. Externally untested software is likely to have unseen flaws or skeletons in the proverbial closet.<\/li>\n<li><strong>Is the product written in a managed language?<\/strong> Managed languages like C#, Python and Go are much less likely to suffer from memory corruption issues compared to C or C++.<\/li>\n<li><strong>What are the open source and third-party components of the product?<\/strong> Understand the balance of proprietary and open source elements and the associated risks. Ask for a FOSS scan report a tool like <a href=\"http:\/\/fossology.org\/\" target=\"_blank\">FOSSology<\/a> or similar. Make sure held them accountable for outdated FOSS or 3rd-party components.<\/li>\n<li><strong>Does the vendor deploy Secure Development (SDL) practices?<\/strong> Ask about their SDL process and code audit metrics. Get documented confirmation.<\/li>\n<li><strong>Does the product break the default operating system security design?<\/strong> Any product that works outside the well established boundaries of the operating system will create more security issues than it solves. Ask whether they run complex parsers in sandboxes and use privilege process separation and brokering? A firm &#8220;yes&#8221; is what you want to hear. Does the product turn off any exploit mitigation technologies such as Address Space Layout Randomization (ASLR)? A firm no in this case.<\/li>\n<\/ol>\n<h3><strong>A prescription for vendors<\/strong><\/h3>\n<ol>\n<li><strong>Use the operating system paradigms for security.<\/strong> Operating system vendors have done the hard work and made the investment. Take advantage of the stringent security they deploy. Remain in user-mode and improve security hygiene.<\/li>\n<li><strong>Use established secure development principles.<\/strong> Get counsel on this! (Feel free to reach out directly to me for introductions to top talent consultants.)<\/li>\n<li><strong>Be transparent.<\/strong> Hire researchers, get real-world feedback, and make your product available to outside researchers.<\/li>\n<li><strong>Sandbox risky components.<\/strong> Employ privilege separation and broker complex work to sandboxed worker processes.<\/li>\n<li><strong>Stay up-to-date.<\/strong> Many vendors use outdated open source or third-party code and libraries that opens new attack surfaces in the software.<\/li>\n<\/ol>\n<h3><strong>In the end&#8230;<\/strong><\/h3>\n<p>We must have an ethical shift in the cybersecurity industry. The majority of solutions are akin to the bloodletting &#8220;cures&#8221; of the dark ages. Count yourself lucky if you don&#8217;t die from them.<\/p>\n<p>I have been in this industry for over 20 years. Our moral compass is broken and we need to act for the greater good rather than for self-promotion to fill our pockets. We must take action before a massive &#8220;extinction-like&#8221; event. A <a href=\"https:\/\/www.zdnet.com\/article\/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack\/\" target=\"_blank\">self-propagating ransomware<\/a> attack could one day spread using an anti-virus vulnerability or through a network security appliance that infects all inbound email attachments in its wake.<\/p>\n<p><strong>Read also: <a href=\"https:\/\/www.zdnet.com\/article\/the-ten-best-ways-to-secure-your-android-phone\/\">The 10 best ways to secure your Android phone<\/a><\/strong><\/p>\n<p>We cannot afford such a catastrophe. I challenge my fellow security industry leaders to make the changes necessary to evolve the industry for all our benefit.<\/p>\n<hr\/>\n<p>Sinan Eren is chief executive of <a href=\"https:\/\/fyde.com\/\">Fyde<\/a>. He is a serial entrepreneur with more than a decade of experience in the security field, working for Turkcell, Entercept (acquired by McAfee), Immunity Inc., and Preto Inc. Sinan holds a degree from Istanbul Technical University, and is a co-author of the popular book <em>The Shellcoders Handbook<\/em>.<\/p>\n<h3>Related stories<\/h3>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/security-vendors-heal-thyself-do-good-not-harm\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Opinion: What if the security industry operated under a basic tenet: &#8220;First, do no harm?&#8221;<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":725,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-724","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security vendors need to stop doing more harm than good 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security vendors need to stop doing more harm than good 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-16T17:00:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Security vendors need to stop doing more harm than good\",\"datePublished\":\"2018-05-16T17:00:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/\"},\"wordCount\":1089,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/\",\"name\":\"Security vendors need to stop doing more harm than good 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg\",\"datePublished\":\"2018-05-16T17:00:26+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/security-vendors-need-to-stop-doing-more-harm-than-good\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security vendors need to stop doing more harm than good\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security vendors need to stop doing more harm than good 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/","og_locale":"en_US","og_type":"article","og_title":"Security vendors need to stop doing more harm than good 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-16T17:00:26+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Security vendors need to stop doing more harm than good","datePublished":"2018-05-16T17:00:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/"},"wordCount":1089,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/","url":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/","name":"Security vendors need to stop doing more harm than good 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg","datePublished":"2018-05-16T17:00:26+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/security-vendors-need-to-stop-doing-more-harm-than-good.jpg","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/security-vendors-need-to-stop-doing-more-harm-than-good\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Security vendors need to stop doing more harm than good"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=724"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/724\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/725"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}