Tag Archives: ПВН

Regarding Jacob Williams’ idea of using “Accepted Insecure Time” instead of “Service-level Agreement” when discussing vulnerabilities and patches

Regarding Jacob Williams' idea of using Accepted Insecure Time instead of Service-level Agreement when discussing vulnerabilities and patches

Regarding Jacob Williams’ idea of using “Accepted Insecure Time” instead of “Service-level Agreement” when discussing vulnerabilities and patches. There is logic in this. Indeed, the term SLA hides the essence of the problem: as long as the vulnerability is not fixed (even if IT performs patching in the SLA window), the company can be HACKED. And this is no longer performing service operations, but something else, something more important.

On the other hand, where should this new term be used?

🔹 IT thinks in terms of services. Do you propose to go to them with your newspeak? Looks unconstructive. Nowadays it is common to speak to businesses in their language. Why do you speak to IT in the language of information security? 🤔
🔹 Or are you going to bring this to the business and then translate it into an SLA for IT? Isn’t this an extra unnecessary step? 🙂

BTW, it will be “принятое время незащищённости” (ПВН) in Russian and creates additional allusions to PWN. 😉

На русском