
Multiple OSRAM SYLVANIA Osram Lightify Vulnerabilities (CVE-2016-{5051..5059}) - djvdorp
https://community.rapid7.com/community/infosec/blog/2016/07/26/r7-2016-10-multiple-osram-sylvania-osram-lightify-vulnerabilities-cve-2016-5051-through-5059
======
azdle
I'm quite surprised that "Lack of SSL Pinning" is considered a vulnerability.
I have to admit that I don't have cert pinning enabled on my domains, mostly
because I haven't taken the time to fully understand the implications of what
enabling it means. I've heard that you need backup certs that are listed as
being authorized for disaster recovery, but I'm not totally sure what that
entails.

Do most see not implementing this as a critical security vulnerability?

