770
you are viewing a single comment's thread
view the rest of the comments
[-] cannibalkitteh@lemmy.blahaj.zone 7 points 6 months ago

Part of my job used to involve explaining patch supersedence to leadership so that they had a clear idea of why a totally different patch needs to be loaded to address a vulnerability reporting a different patch number in the scanner.

[-] yannic@lemmy.ca 1 points 6 months ago

Tenable (or how our security folks have our scans configured) doesn't seem to get that.

[-] cannibalkitteh@lemmy.blahaj.zone 2 points 6 months ago

I used to have to explain it to them too, but could usually get them to understand by referencing the CVE and the breakdown from the MS security updates guide.

[-] yannic@lemmy.ca 2 points 6 months ago

My favourite is:

Them: We want less red in the pie chart. Fix that remote vulnerability.

Me: We don't even have that component enabled. It's reporting on a DLL file version, not the vulnerability itself.

Them: Just lower our vulnerability score.

(Me wondering if I deploying dozens of fully-patched systems would have the same proportional effect)

this post was submitted on 04 May 2024
770 points (96.4% liked)

memes

10412 readers
530 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

Sister communities

founded 1 year ago
MODERATORS