Never let common sense or ten seconds of research get in the way of a great soundbyte, even if it is patently false. Apparently Brad MacKenzie didn't check his favorite vulnerability database to notice the over 1,100 vulnerabilities in security software dating back to at least 1996-11-11, when a vulnerability in a firewall was discovered..
Researchers from Clear Skies Security have identified a flaw that negates the protection provided by certain Imperva Web Application Firewalls (WAF). This attack essentially bypasses security controls provided by the Imperva device and allows malicious requests to pass through the device unfiltered, allowing for potential application exploitation remotely over the Internet.
"It is quite rare to find vulnerabilities in security software," said Brad MacKenzie CEO for Clear Skies Security.