On Thu, 20 Feb 2020 23:38:15 +0000, Jonathan Buzzard said:
> For us, it is a Scottish government mandate that all public funded
> bodies in Scotland are Cyber Essentials Plus compliant. That's 10 days
> from a critical vulnerability till you're patched. No ifs, no buts, just
> do it.

Is that 10 days from vuln disclosure, or from patch availability? The latter can be a headache, especially if 24-48 hours pass between when the patch actually hits the streets and you get the e-mail, or if you have other legal mandates that patches be tested before production deployment. The former is simply unworkable - you *might* be able to deploy mitigations or other work-arounds, but if it's something complicated that requires a lot of re-work of code, you may be waiting a lot more than 10 days for a patch....
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
