
John is a software engineer and a pretty good one. He works for a company that processes online payments. On Thursday, August 1, John's bosses pulled him into an urgent security meeting.

John was scared but also very curious. What could have happened? The last time John was called into a security meeting was in 2017, more than two years ago, during the three ransomware outbreaks that occurred that year -- WannaCry, NotPetya, and Bad Rabbit.

A few months earlier, Microsoft had disclosed a major security flaw impacting the Windows OS, named BlueKeep, and his company barely reacted, merely sending an internal security alert telling software engineers to review RDP access settings on Windows systems.

Sitting in a conference room and waiting for execs and engineers to take their seats, he couldn't contain his curiosity. If they didn't react to BlueKeep, what were they reacting to now? What could have caused such a panic and reaction at the company?

But then, the meeting started, and John found that all the ruckus was because of MuleSoft. He snickered. Two seconds later, after he realized what this meant, he stopped thinking it was funny.

MuleSoft, a company now owned by Salesforce, makes middleware[1]. Middleware is what engineers call "software glue." You can find it in all big companies across the world.

Middleware can be used to link cloud apps distributed across tens, hundreds, or thousands of servers, but it can also be used on smaller networks, to translate data as it moves between apps that work in different formats. Everybody uses middleware. Everybody!

The secret MuleSoft notification emails

As he sat through the meeting, John learned about a security vulnerability in MuleSoft's Mule runtime and API

Read more from our friends at ZDNet