Hacker News
by viraptor 592 days ago
It's closer to checkbox compliance, rather than being effective. Sure, those checks may be interesting and point out some actual issues. But if you're given a choice, then a short threat modelling session will have much higher impact. Someone else brought up CIS here - it's the same category with counterproductive changes like installing an integrity checker and tcpwrapper inside docker images.