Wednesday, February 04, 2009

Not Natural

This was another one of those surprisingly cold mornings. I opened the door, stepped out, and closed it behind me before I actually noticed - possibly because the nerves in my face (unprotected by beard, as they are) were flash frozen like a box of Birdseye green beans with lightly toasted almonds.
Unfortunately, the feeling started to return by the time I got to the car. That sucked a lot.
The thermometer in the car displayed "LOL".
When I walked into the office, I confronted one of the locals from under my inadequate knit cap with a friendly, "What the hell, man?"
"Cold enough for ya?"
There is no response to "Cold enough for you?" which does not involve profanity, though I tried several different variations.
Twenty degrees.
With a wind chill in the single digits.
No. Freaking. Way.

Yesterday it was determined that we had been getting incomplete security scan data for about the last ten months.
As a result, our total findings shot up from 2 to over 200.
While we aren't individually being thrown under the blame bus, it still looks really crappy.
It also turns out that (even though this new and horrible data has already been delivered to senior management) some things are just wrong.
One particular "missing" patch in the new scan relates to a product not even installed on our servers.
Submitting this as a false positive, while entirely justified, will take about three hundred pages of detailed documentation across the server environment.
Knowing this, it has been established that just replacing the files turning up in the scan, even though they are not in any real way vulnerable, is the most effective use of our time. That whole process can be automated to take about ten minutes.
Further, submitting false positive documentation does nothing but let us wave the "You Are Wrong" flag and is not a good use of company time at all.
Sometimes the right thing to do is just to make the finding, even the false finding, just go away.
Anyway, this post will be a little short today.
I'm sure you've figured out I have about 300 pages of documentation to write.
