The Ostrich Approach To Vulnerability Management

All links and images for this episode can be found on CISO Series OK, you showed us our vulnerability. But we really don't want to fix it now. Could we just pay you off to keep quiet, and to buy us some more time to deal with this in a "not so timely" manner? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sameer Sait (@sameersait), CISO, Amazon - Whole Foods. Thanks to our podcast sponsor, Code42 As organizations gradually and cautiously move out of adapt out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: What if software developers used academic citations for code acquired from outside sources? What is a reported security vulnerability doesn't get fixed? Where do you go next? What if a 3rd party app developer needs access to a file/print share over the internet? What if you receive a pitch that makes a grandiose statement like "no false positives?" Follow-up or hard pass?