Recently there was a mega-breach that exposed the private data about millions of people. The cause was said to be an un-patched website vulnerability. I was dissatisfied with the explanation because I knew they had patched the exact same issue on many of their websites.
I reached out to someone I knew on the organization's internal security team and asked why that one website didn’t receive the patch like the others. A: They would’ve patched if they knew the website existed. Lesson: asset inventory matters.
Replying to @jeremiahg
It's like that old infosec joke: CEO: Are all our websites secure? CISO: Give me a list of our websites and I'll tell you.

Oct 26, 2018 · 5:12 PM UTC
