Reply to post: Re: analysis paralysis

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

Anonymous Coward

Re: analysis paralysis

Excellent phrase, sir. My uncharitable attitude to Vulnerability Management (and pen-testers and auditors) is that they're paid to find and "manage" issues, but not to help fix them.

If a company has a CMDB and a regular patching & hardening program, it's relatively easy to accelerate the process and the schedule to handle out-of-cycle fixes. If you don't have those in place, you'll waste a lot of time analysing, planning and firefighting.

Posted as AC, but my colleagues in Vulnerability Manglement will probably know it's me anyway - I've said it to their faces a few times.
