Reply to post: Re: analysis paralysis

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

Anonymous Coward
Anonymous Coward

Re: analysis paralysis

Yes they're paid to find and manage because if they also get involved in fixing theres a massive conflict of interest.

Let's flip the whole thing round from your perspective. I'm assuming you're a sysadmin or engineer.

Let's say 6 months ago you finished upgrading the network and you've been continually patching and monitoring ever since to the best of your ability.

Your boss has asked you, the sysadmin, to perform a vulnerability assessment on the network. It's all going well until...whoops, you find a bunch of vulnerabilities and threats you didn't realise were there and frustratingly some of them exist because of decisions you made when you performed the upgrade.

How do you report this to your boss without lying.

Do you come clean and admit to the fuck up and come off as an incompetent sysadmin?

Do you secretly fix the problems and report that there were no problems found and hope that no problems will be found in the future to highlight your poor upgrade management?

The idea is to keep things objective and continually improve processes, policies and practices.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon