by averageRoyalty 693 days ago
More importantly, the companies that enabled auto-update from a vendor to production rather than having a validation process. This sort of issue can happen with any vendor; penalising the vendor won't help with the next time this happens.

Was there a way to not enable these channel updates? If so, would you still check all the mandatory security measures when being audited?
The way is to not install third-party software with kernel-level access that you can't stop pulling remote updates.

How does that pass a security audit in the first place?