31
Had a chat with a pentester last night that shifted how I think about patching
He told me he sees more breaches from teams patching too fast without testing than from those who wait a week, and now I'm second-guessing our whole Tuesday routine - anyone else been told the opposite?
2 comments
maryadams 7d ago
Yeah, that ringer with your buddy's SQL patch sounds like a nightmare. We had a similar thing happen when a security update broke our customer portal once, and nobody could log in for half a day. It's a real wake-up call when you realize rushing can be just as dangerous as waiting. Your pentester's point makes a lot of sense to me now, even though it goes against everything I thought I knew. It's like you trade one kind of risk for another, and you've got to pick the one your team can handle better.
9
ivangrant 7d ago
Wait, did he mention any examples of what broke from patching too fast? I remember a buddy who pushed a SQL patch on a Friday and took down their whole reporting system for days.
3