
ohyes | 1 year ago

There’s a strong argument that checklists are the opposite of what you want. In your example, if I give you a list of ports to close, you might close those ports and leave all others open, and you would be “compliant” but still in danger.

You really need better defaults (“all ports start closed”) and a culture of strong justification for any changes from the known safe defaults.

This is of course at odds with convenience so it probably won’t happen.
