Slow Down Patching? standard
The whole discussion around patching and vulnerability management is a big problem in general, but typically exacerbated by compliance initiatives like PCI DSS. Companies want to be secure, in general, but they have different risk procedures that can change the manner in which they do things like patching or how they lock down desktop controls. A good friend of mine turned me on to a presentation that happened at the San Diego ToorCon this past weekend that I am curious about. The abstract pushes us into dangerous territory, that of interpretation of QSAs (something we have often chatted about here). In the abstract, the presenter takes the opinion that rushing to patch is undesirable (potentially agree) and that the language ...
Continue Reading