Overall, Ormandy wrote that he found over 70 APIs exposed to the Internet, not all of which he had investigated for security issues. He suggested Trend should hire an external consultancy to audit the code.

Source: Trend Micro flaw could have allowed attacker to steal all passwords