• @[email protected]
    27 months ago

    I used to have to explain it to them too, but could usually get them to understand by referencing the CVE and the breakdown from the MS security updates guide.

    • @[email protected]
      27 months ago

      My favourite is:

      Them: We want less red in the pie chart. Fix that remote vulnerability.

      Me: We don’t even have that component enabled. It’s reporting on a DLL file version, not the vulnerability itself.

      Them: Just lower our vulnerability score.

      (Me wondering if deploying dozens of fully-patched systems would have the same proportional effect)