Potential security vulnerability discredited

Nanometrics was recently contacted by the CERT division of the Software Engineering Institute (CERT-CC) in the US, following a third-party report to the institute outlining potential security vulnerabilities in our web-connected Taurus instruments.

Our technical staff demonstrated to CERT-CC that the reported vulnerabilities were in fact based on inaccuracies and incorrect assumptions. CERT-CC agreed that the report had no merit, that the issue was, in their opinion, sufficiently resolved and warranted no further action.

Unfortunately, presentations have been shared and articles have been published based on the discredited report. We encourage any customer who has questions or concerns to contact us directly.

We remain committed to the ongoing safety and security of all of our products and remind our customers to follow best practices for web-connected devices.

 

Aug 8, 2016