Hacker News
by jaredraby 3486 days ago
I no longer work at the company, but I used to work at a startup doing IoT devices. Our cloud server didn't stay up to date with security vulnerabilities as we should have. Basically letting MySQL get behind in versions. There was also the issue of SSL being forgone in the name of time saving since I was the only one working on infrastructure. The development platform we were using broke on older versions with SSL enabled, so it was thrown into the wind before I had the time to deal with it.

This was due to being inexperienced with the work, too many duties, and a timeline that didn't give me the time that I needed to fully understand some topics.

TLDR;
- Security vulnerabilities from version updates
- SSL on some platforms
- Not having a dedicated / experienced individual on staff for dev ops in general

2 comments

<self promotion>

I'm not surprised to see that the first thing you listed was patching known vulnerabilities. Staying up to date with known vulnerabilities is the baseline of a security policy, but patch management is needlessly hard, especially if you don't have dedicated staff to scour security mailing lists.

We built a product to make this easier: https://appcanary.com . Maybe it would have helped your old employer.

</self promotion>

Thanks, this is super helpful! I'm curious what other startups go through and how they juggle the business pressure with building something that is secure... or don't.