The SolarWinds exploit demonstrates unacceptable weaknesses of the Cybersecurity profession. Cybersecurity has become a policy enforcement group as opposed to a group of technical professionals.
I’ve recently lived through a few weeks of having to deal with Cybersecurity experts in my attempts to deploy critical software updates.
Nothing can ship because there aren’t approved Assured Compliance Assessment Solution (ACAS) scans for the updates I want to deploy.
I argued that SolarWinds had approved ACAS scans but is a vulnerable piece of shit and none of them knew.
They stare at me. Blankly.