|
|
|
|
|
|
by cheschire
2015 days ago
|
|
|
There's a difference between defense in depth and bureaucracy. One recent example I saw was prioritizing the re-evaluation of a system that is low impact and limited access over the remediation of issues on a widely accessible system, only because the low impact evaluation was going to be out of tolerance sooner and therefore look bad on report cards. |
|
|