• yannic
    link
    fedilink
    arrow-up
    1
    ·
    6 months ago

    Tenable (or how our security folks have our scans configured) doesn’t seem to get that.

    • cannibalkitteh@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      2
      ·
      6 months ago

      I used to have to explain it to them too, but could usually get them to understand by referencing the CVE and the breakdown from the MS security updates guide.

      • yannic
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        My favourite is:

        Them: We want less red in the pie chart. Fix that remote vulnerability.

        Me: We don’t even have that component enabled. It’s reporting on a DLL file version, not the vulnerability itself.

        Them: Just lower our vulnerability score.

        (Me wondering if I deploying dozens of fully-patched systems would have the same proportional effect)