Who Should Accept the Risk for Unfixed Vulnerabilities?

The Reddit post discusses the responsibility for accepting the risk when an engineer states that vulnerabilities (CVEs) do not need to be fixed because they are mitigated by not being exposed to the internet. The proposed options for accepting this risk are: the engineer's manager, the CTO, your manager, or yourself.