Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)
Even looking at CVE causes so much fatigue.
Actually I ended up deploying opencve with very few alerts for high cvss score only for critical assets like domain controllers, firewall and vpn gateway.
Even that can’t be the only trusted and exhaustive source, because of sometimes you miss vulnerability that affect your product but is not directly assigned to it.
(-‸ლ)
[edit]: added ascii art meme stay off topic
How many devices and of how many types do you manage with how many people?
Automatically patch is another solution.
Of course it’s difficult on the tech side. You can do something like failover/high availability, and then auto update one and it fails over if something breaks.