@richbartlett - eviltoast

Infosec nerd, environmentalist, wannabe #solarpunk and water gypsy. Strategic Lead for Information Security at the Wildlife Trusts. All views my own. Non sum hic araneae fornicati

  • 0 Posts
  • 2 Comments
Joined 1 year ago
Cake day: June 12th, 2023

  • Like thousands of others, reviewing the Microsoft security releases :| Questions include:

    1. What’s being/might be exploited ITW?
    2. What could it break?
    3. Is there temporary remediation put in which new patches negate, and do we need to reverse those?
    4. Why does one of the largest multi-billion international companies still get away with writing such crap code that high and critical rated vulnerabilities in their core products are still normal every month?
    5. What ghastly vulnerabilities are there in their cloud products we don’t know about?
    6. Should I take up another line of work completely?

    Happy Patch Tuesday everyone :D


    1. Yes, I think a lot of discussion in cybersecurity is the outcomes, but not enough is talked about underlying cause and the boring stuff like slow incremental improvement and doing the fundamentals. Some discussion on that would be great.
    2. I’m intending to watch the different spaces as they evolve; I’ve got a presence on fedio.io, here and the infosec.exchange Mastodon instance, and I’m still watching Reddit blueteamsec (though not posting). I don’t mind some pluralism in the community; it’s a good thing, it just makes it a bit harder (but we should be wary of easy; that’s what commercial solutions will always drive, but that doesn’t work out so well!)
    3. Yes, definitely.
    4. I think the big move from Twitter to infosec.exchange was a sign of how a community can thrive in a non-commercial space, and how the power lies with us, not the platform.