Hacker News
by opt-skept 920 days ago
I disagree. I think inspecting the output from Qualys (and other tools, including SAST) is substantially and manifestly different from inspecting Kubernetes logs.

I would worry the argument about "highly skilled SREs" could become a "true Scotsman" argument. If a business has any persons who are skilled enough and plentiful enough to process all of the security output and take action on it, let it be so.

My experience is that in practice, there are not the resources to process all of the output that the tools generate. Do you have experience to the contrary where this has been done at a company scale or is your argument a theoretical one that you believe stands to reason?