On Fri, 6 Aug 2021 at 09:59, James Bensley <jwbensley+cisco-...@gmail.com> wrote: > > What is right or technically correct is not always the priority. > > This is the job we do, right? (it's the job I do anyway). We find a > way to convince the powers that be, that this is a massive security > risk for example, or for example that our financial exposure because > of this exact feature is 1.21 gigawatts. Not let the uneducated powers > that be tell me it's fine to keep this feature they don't understand > :)
I need the AM's to focus on the problems that actually do affect the business case (which doesn't always work either), a specific default that I don't like is not that. What I can do is have TAC file an enhancement request, which is pretty much useless without internal pressure. If you are working for a shop so big that you can throw enhancement requests at them without blinking great, but that depends on how much you are spending I guess. I'm no longer putting in hundreds of hours to fight losing battles, which earlier in my carrier I did: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20140828-CVE-2014-3347 cheers, lukas _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/