2 comments

[ 2.6 ms ] story [ 15.2 ms ] thread
Then it is even more damning to the head of security if they knew about the vulnerability. The ultimate person to decide whether a vulnerability is not to be patched, is the head of security.
There are two unstated assumptions here: 1) She had the organizational power to order patching and rollout (which is more than the power to prevent a rollout). 2) She didn't try.

You may be right. But.