After a couple of years using XG I have a few suggestions. Sorry about the formatting; apparently CRs don't work for me.
1) Sign your ISOs and other files with gpg. Seriously. Now. You're a security company giving people unverifiable downloads (or occasionally with a hash, which only protects against innocent corruption). A gpg signature proves origin. (From the extension, firmware updates are signed, so you clearly have the infrastructure already.)
2) Publish the fingerprint of your signing key. Paying customers should get it on paper with their licence. Sign important announcements too.
3) Tools users need should be hosted by you (Rufus, gpg etc.). Don't ever link us to third-party sites! If we get a bad ISO burner we get a bad appliance. Our bad appliance then resigns traffic with our own key trusted during scanning. Boom. The tools are open source; you can build them, host the download, and sign it with your key.
4) QA on builds, like the React dev tools still present in XG. It’s like showing up for work in a dirty shirt and smelling bad. It doesn’t actually change your performance, but it looks really bad.
5) more focus on 2FA and hardware tokens.
6) DNSSEC and other DNS security techniques. The DNS logging and functionality of XG is virtually nonexistent. This is an attack vector.
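The verification side of suggestions 1 and 2, as an added example that is not from the original poster or from Sophos: a download is accepted only if its detached gpg signature is good and the signer's primary key fingerprint matches the one published out of band. The release key, user ID, file name and fingerprint are all constructed locally for the demo.

```shell
#!/bin/sh
# Added example: verify a download against a detached GPG signature while pinning
# the signer to a published fingerprint. Key, file and fingerprint are constructed.

# verify_pinned FILE SIG EXPECTED_FPR GNUPGHOME
# Succeeds only if SIG is a good signature over FILE whose *primary* key fingerprint
# equals EXPECTED_FPR. A dedicated GNUPGHOME keeps the vendor key out of the
# user's personal keyring; the pin, not keyring trust, decides acceptance.
verify_pinned() {
  _st=$(gpg --homedir "$4" --batch --no-tty --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
  # VALIDSIG's last field is the primary key fingerprint, even for subkey signatures
  _fpr=$(printf '%s\n' "$_st" | awk '/^\[GNUPG:\] VALIDSIG /{print $NF; exit}')
  [ -n "$_fpr" ] || return 1
  [ "$_fpr" = "$3" ]
}

# demo_run: build a throwaway release key, sign a stand-in "ISO", then check that
# pinned verification accepts the real file and rejects a tampered copy and a wrong
# pin. Returns 0 on success, 1 on a logic failure, 2 if gpg is unusable here.
demo_run() {
  command -v gpg >/dev/null 2>&1 || return 2
  tmp=$(mktemp -d) || return 2
  home="$tmp/gnupg"; mkdir -m 700 "$home"
  gpg --homedir "$home" --batch --no-tty --pinentry-mode loopback --passphrase '' \
      --quick-gen-key 'Vendor Release Key <releases@example.invalid>' default default never \
      >/dev/null 2>&1 || { rm -rf "$tmp"; return 2; }
  fpr=$(gpg --homedir "$home" --batch --with-colons --list-keys 2>/dev/null \
        | awk -F: '/^fpr:/{print $10; exit}')
  printf 'stand-in appliance image\n' >"$tmp/appliance.iso"
  gpg --homedir "$home" --batch --no-tty --pinentry-mode loopback --passphrase '' \
      --detach-sign --output "$tmp/appliance.iso.sig" "$tmp/appliance.iso" 2>/dev/null \
      || { rm -rf "$tmp"; return 2; }
  rc=0
  verify_pinned "$tmp/appliance.iso" "$tmp/appliance.iso.sig" "$fpr" "$home" || rc=1
  printf 'x\n' >>"$tmp/appliance.iso"                          # tampered download
  verify_pinned "$tmp/appliance.iso" "$tmp/appliance.iso.sig" "$fpr" "$home" && rc=1
  printf 'stand-in appliance image\n' >"$tmp/appliance.iso"   # restore original
  bad_pin=0000000000000000000000000000000000000000               # a pin that must not match
  verify_pinned "$tmp/appliance.iso" "$tmp/appliance.iso.sig" "$bad_pin" "$home" && rc=1
  gpgconf --homedir "$home" --kill gpg-agent 2>/dev/null
  rm -rf "$tmp"
  return $rc
}

demo_run && echo "pinned verification: good file accepted, tampered file and wrong pin rejected"
```

In real use the fingerprint passed as EXPECTED_FPR would be the one the vendor printed with the licence, not one read from the downloaded key itself.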