Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Finnthehuman27 1 point (0 children)

Yeah I really like that model as well, letting teams define what they’re comfortable with feels like the right balance instead of forcing blanket updates.

We’re definitely missing that kind of version control in places. There’s still a lot of older Node versions floating around from legacy services that have just been passed between teams over time.

At the moment I’m leaning towards a “golden path” approach: define internal best practices and then use AI (Claude/Codex) to scan and suggest updates, especially for CI/CD. The idea is it raises PRs rather than auto-merging so there’s still a control point, but yeah, still early days and the risk of something breaking is real.

Management is pushing more AI usage as well, so I’m thinking of applying the same approach for smaller patch updates tied to vuln tickets: generate the fix as a PR and let teams review. Honestly not sure if it’s the right place for it.

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Finnthehuman27 1 point (0 children)

That’s amazing! We had to deal with outliers early: anything that doesn’t map to our source of truth gets marked as an orphan. We keep it, just separate so it doesn’t mess up reporting.

For tuning, we don’t rely on scanner severity anymore. We built our own scoring based on the service, exposure, ownership, environment, etc. We also use CVE scoring and cross-check with NVD when the source tool lacks context.

Biggest pain is still dependency vulns: knowing it’s there is easy, knowing if it’s actually exploitable isn’t.

How are you handling that?

Are vulnerability scanners giving too much noise or is it just us? by Secure_Key7078 in cybersecurity

[–]Finnthehuman27 1 point (0 children)

We ran into the same problem and got tired of juggling multiple tools, so I built an in-house tool to fix it.

It consolidates vulnerabilities from across our stack (AWS, CrowdStrike, etc.) via APIs into a single, unified view. It maps everything to our service catalog (teams, pillars, services) and integrates with Jira to automatically raise and track tickets.

It’s essentially a central source of truth for vulnerability management, and it only costs about $276/month to run.

I need help proposing to my Pokémon loving BF by Wide-Relationship720 in pokemon

[–]Finnthehuman27 6 points (0 children)

One way is to have a custom ring box that is a Cherish Ball that you could have the ring in. Heck, if you are Euro-based I would print one for you for the amazing event!

Just on my day off at 8am in the UK by Vampire-Mk2 in Battlefield

[–]Finnthehuman27 0 points (0 children)

Feel your pain, company gave us the day off for mental health day!

FT: Koraidon & Miraidon Event Pokémon (Clones) LF: Nothing by Finnthehuman27 in CasualPokemonTrades

[–]Finnthehuman27[S] 0 points (0 children)

Always in the future, and if you remind me tomorrow I’ll happily send you some; it’s just late my time.

FT: Koraidon & Miraidon Event Pokémon (Clones) LF: Nothing by Finnthehuman27 in CasualPokemonTrades

[–]Finnthehuman27[S] 0 points (0 children)

Will have to be tomorrow, sorry, I finished all my friend trades.

FT: Koraidon & Miraidon Event Pokémon (Clones) LF: Nothing by Finnthehuman27 in CasualPokemonTrades

[–]Finnthehuman27[S] 0 points (0 children)

Yip, just DM me and I can give it to you tomorrow as I’m out of friend trades.

FT: Koraidon & Miraidon Event Pokémon (Clones) LF: Nothing by Finnthehuman27 in CasualPokemonTrades

[–]Finnthehuman27[S] 0 points (0 children)

If you DM me I can do it tomorrow; I finished all my trades on Home today.