Should a VM specialist specify a patch to install on the host in a vulnerability remediation task? Here's what I think:
🔻 If there is a simple way to give such information to IT, then you need to do it. For example, if a vulnerability scanner gives such recommendations.
🔻 If it requires intensive research, then you shouldn't do it. Otherwise, it will be yet another game of "prove and show". And instead of building a VM process to improve the security of the entire organization, you will be investigating which vulnerability is fixed by which KB. Not cool. 😏
Detecting a vulnerability on a host is a sign that the IT department is not doing its job correctly. Ideally, everything should be fixed in the process of unconditional regular patching. And vulnerability scans should only confirm that everything is ok. 🟢👍 If IT can't implement such a process, then let them deal with fixing specific vulnerabilities and finding patches. 😉
@avleonovcom #Remediation #VMprocess