Has Sabrent officially posted any statement, and follow up actions, on the recent supply chain attack that happened involving their own firmware about 6 months ago, as disclosed and discussed (and responded to by an official account of Sabrent's) here and here?
---
I am in charge of procurement of IT equipment at a medium sized company and started looking into buying powered usb hubs for our employees (a few hundred eligable for receiving these hubs). Doing some initial research on the matter Sabrent came up as the main recommendation from outlets I trust, such as Tom's Hardware, as well as personal contacts.
However, what also came up in the research were the previously linked discussions about a supply chain attack that happened with their firmware vendor (which is the same as their hardware vendor it seems) just half a year ago.
Sadly these kinds of things can happen to any company, but it is a measure of quality and trust how they respond to a situation like this. In fact I would trust a company that had something like this happen much more if the opportunity were used to be transparent about what allowed the situation to happen in the first place, and what mechanisms have been put in place to safeguard that it can't happen again in the future.
But in this instance there doesn't seem to have been any formal statements made from Sabrent on the matter, no information on if an inquiry took place and what it uncovered. Worse of all, there is no information to be had on what, if any, kind of mechanisms have been put into place to make sure that this doesn't happen again in the future.
I am writing this out of concern for any one else in charge of IT equipment procurement that might think of buing Sabrent equipment, and might not come accross these recent issues during their research.
Due to the afformationed lack of forthcoming information, I will not take a chance on Sabrent for my organization and will now search for other options.
