Automatically patch is another solution.
Of course it’s difficult on the tech side. You can do something like failover/high availability, and then auto update one and it fails over if something breaks.
Comment on Off-Topic Friday
M33@piefed.world 4 days agoEven looking at CVE causes so much fatigue.
Actually I ended up deploying opencve with very few alerts for high cvss score only for critical assets like domain controllers, firewall and vpn gateway.
Even that can’t be the only trusted and exhaustive source, because of sometimes you miss vulnerability that affect your product but is not directly assigned to it.
moonpiedumplings@programming.dev 4 days ago
moonpiedumplings@programming.dev 4 days ago
How many devices and of how many types do you manage with how many people?