Broadcom who recently bought VMware has started to send cease and desist letters to customers who are running perpetual licenses of VMware without an active support contract. If you want to see what one of these looks like, here is an example. In short, this is more of a shakedown letter that says that users may continue to use their perpetual licenses. However, they can no longer purchase support unless they had prior contractual agreements to do so. Support is now only offered through subscription models. This sometimes leads to cost increases of 300 percent or more from what I have heard. But more importantly it forces customers to roll back security updates if they choose not to pay Broadcom and thus leaving them open to old vulnerabilities that ransomware gangs may start exploiting.
In a blog post published today, Comparitech analyzed this new policy. The analysis looks at what happened, the security ramifications, the impact to VMware customers, and what companies can do to protect themselves against ransomware threats.
For full details, please see the full analysis here. But if you want my advice, I would look for an alternative to Broadcom’s products. I say that because even with a supposedly free product like VMware Fusion, I can no longer check for updates. Instead, I have to log in using my Broadcom account to download and reinstall the entire application to get a security update. This has been noted on Broadcom’s own forums. While that is a first world problem of sorts, it means that I am less likely to get security updates in a timely fashion. That I find to be unacceptable because companies shouldn’t do things like this that impact the security of their customers in a negative way.
Broadcom’s customer shakedown opens old pathways for ransomware gangs
Posted in Commentary with tags Broadcom on May 9, 2025 by itnerdBroadcom who recently bought VMware has started to send cease and desist letters to customers who are running perpetual licenses of VMware without an active support contract. If you want to see what one of these looks like, here is an example. In short, this is more of a shakedown letter that says that users may continue to use their perpetual licenses. However, they can no longer purchase support unless they had prior contractual agreements to do so. Support is now only offered through subscription models. This sometimes leads to cost increases of 300 percent or more from what I have heard. But more importantly it forces customers to roll back security updates if they choose not to pay Broadcom and thus leaving them open to old vulnerabilities that ransomware gangs may start exploiting.
In a blog post published today, Comparitech analyzed this new policy. The analysis looks at what happened, the security ramifications, the impact to VMware customers, and what companies can do to protect themselves against ransomware threats.
For full details, please see the full analysis here. But if you want my advice, I would look for an alternative to Broadcom’s products. I say that because even with a supposedly free product like VMware Fusion, I can no longer check for updates. Instead, I have to log in using my Broadcom account to download and reinstall the entire application to get a security update. This has been noted on Broadcom’s own forums. While that is a first world problem of sorts, it means that I am less likely to get security updates in a timely fashion. That I find to be unacceptable because companies shouldn’t do things like this that impact the security of their customers in a negative way.
1 Comment »