Andrew Williams

@stefano Ahh yes I remember this well, our 'security' company would run a scan every so often then report back about how we were using insecure versions of Apache, Nginx and so on based purely on the version number, not understanding we were running RHEL and all these fixes were backported.

3 comments
ferricoxide

@nikdoof@mastodon.incognitus.net @stefano@mastodon.bsd.cafe

Many of my customers' IA groups have 100% turnover in personnel, including management, in less than 24 months. So, I have this argument at least every two years with their shiny-new security "experts" (they must be experts: they have the certifications that say so!).

mini

@nikdoof @stefano I hate these companies - I have had them tell me that my nginx web server is vulnerable to an apache CVE purely based on faulty version number checks. It’s a ridiculous waste of time and always feels like arguing with a brick wall when you dispute their findings.

ティージェーグレェ

@nikdoof IMHO, RHEL does everyone a disservice with that back porting BS, so I can understand some frustration there.

@stefano
