▲ | cube00 2 days ago | |||||||||||||||||||||||||||||||
> New SecureBuilds are created whenever upstream CVEs are available, with a 6-day SLA for critical vulnerabilities. Aren't most SecOps pushing 48 hours as the absolute limit for critical vulns or are ours just being extra pushy? | ||||||||||||||||||||||||||||||||
▲ | marcc 2 days ago | parent [-] | |||||||||||||||||||||||||||||||
We often deliver in way less than 6 days but sometimes the dependency tree is deep for a patch. I've seen most auditors mandate 30 days for Critical, but you clearly want to move a lot quicker than that. | ||||||||||||||||||||||||||||||||
|