Sunday, December 28, 2014

Patching policies

Network staff: patch early, patch often.  It's better to have a 1 day per year outage from a bad patch than to ever have a compromised server or defaced site, especially when policy is to assume everything in the same subnet is also compromised and needs to be cleaned with fire and holy water.  A compromised site also means risk to our reputation, which is worse than not meeting an SLA 1 day out of 365.

Products weenie:  patches risk unplanned outages, which means we risk not meeting SLA.  Customer-facing SLAs are our bread and butter, and must not be messed with.  They must be tested in non-prod environments like any other software rollout.

Change approval board: 1 week per SDLC environment, because we're ITIL compliant. That means 5 weeks from patch release to production.  We neither know nor care what you mean by "zero day threat"; we're a proven, process-driven shop.

Sysadmin: whether it's hacked or breaks from bad patches, I get my arse kicked either way.  And my arse is pretty sore already, and I'm over it.  Someone just make up their goddamn mind one way or the other, and I'll keep the e-mail where I was told to do it that way.

Marketing: What's a patch?  I ate my crayon...
