So the new P0 policy is to disclose details only after 90 days even if vendor releases the patch after 20 days. That means people will wait for 70 days before patching because nobody tells them what the bug exactly is and if it is really worth patching 
Ah, we're well staffed and the difference between prioritized and not is small, but I think we're the exception. I've heard gov change management horror stories, for example.
-
-
I won't argue with that :) I am still somewhat unconvinced that somewhere a sysadmin is going to say "know what, this patch here that would be part of my forced uodate schedule, don't know enough about this one bug it fixes, will wait another month to install it"
-
I think it's more "standard qualification takes 3 months, see no reason to put my neck on the line and let this one jump the queue, that's a lot of paperwork"
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
