May 19, 2021
12:18:48pm
12:18:48pm
Over the years, I've seen auditors hyper-focus on their personal pet annoyances
at the expense of missing wide open doors.
Vulnerabilities are sometimes deliberately disregarded by IT people for ease of business. A good auditor should look for that sort of thing. Instead, so many of them care about nothing but checkboxes and screenshots.
What's the proof that we've remediated a vulnerability? A screenshot. I try to keep my mouth shut because I'm the guy who has to remediate stuff, but every once in a while I lose my patience and rant about how worthless my screenshots are when I send them.
Penetration tests are great too, but sometimes they miss stuff too.
Vulnerabilities are sometimes deliberately disregarded by IT people for ease of business. A good auditor should look for that sort of thing. Instead, so many of them care about nothing but checkboxes and screenshots.
What's the proof that we've remediated a vulnerability? A screenshot. I try to keep my mouth shut because I'm the guy who has to remediate stuff, but every once in a while I lose my patience and rant about how worthless my screenshots are when I send them.
Penetration tests are great too, but sometimes they miss stuff too.
- Bio page
- Belboz
- Joined
- Jul 5, 2001
- Last login
- Jun 1, 2024
- Total posts
- 74,015 (13,143 FO)
Messages
Time
POLL: Do you think paying 4.4 million ransom to end the pipeline cyberattack was the right business move?
5/19/21 11:27am
5/19/21 11:47am
5/19/21 11:57am
5/19/21 11:58am
5/19/21 12:08pm
5/19/21 5:09pm
5/19/21 12:04pm
5/19/21 12:37pm
5/19/21 5:10pm