Entries from July 2017 ↓

Yeah, but do I really need to patch this one?

A big part of my “day job” over the past few years has been to act as the security advocate for a number of Dell EMC products. This includes a variety of activities, both proactive and reactive. One common activity is handling the life cycle of a security vulnerability through discovery, triage, remediation, and disclosure. Most (but not all) of the vulnerabilities I deal with are a result of embedded components which are updated periodically for security reasons.

There’s a common response I get when vulnerabilities, and their remediation, are disclosed. “Do I really need to worry about this one?”

When I put my corporate hat on, the answer of course is, “Yes. We advise you to <blah blah blah> immediately.”

But you know and I know that security vulnerabilities come in a wide variety of flavors.

So what’s the real answer?

Continue reading →