u/Curious_Seaweed7277

▲ 6 r/devops

What’s your CVE monitoring workflow for clients' stacks?

Managing infra for multiple clients/projects
Each has a different stack

How do you stay on top of vulnerabilities
that are relevant to each specific environment?

I’ve seen people use:
- RSS from NVD (brutal noise)
- only covers dependencies
- Manual checks
- Nothing and hoping for the best

What actually works for you?

reddit.com
u/Curious_Seaweed7277 — 3 days ago

How do you track CVEs that actually affect your specific stack?

I've been thinking about this problem lately. NVD publishes 50-80 CVEs per day.
Almost no one can follow that manually.

What's your actual current workflow for knowing
when a vulnerability affects your specific setup? (nginx, Python, etc.)

Do you use RSS feeds? Specific tools?
Just wait for your distro’s security updates?
Or honestly… you don’t track it at all?

Asking because I’m trying to understand
how people actually handle this day-to-day.

reddit.com
u/Curious_Seaweed7277 — 3 days ago