In the last months the focus on security has been increasing, which in itself is a good thing. The fact that code scans are being performed is a very positive initiative.
However, the downside of all this extra attention is that a huge number of security notes is being released. The result is that we are struggling - and failing - to keep the process of review and implementation under control. Even if we did regular support packages, it seems impossible to manage all these notes for around 100 productive systems. Therefore the choice has been made for now to only do the exercise for our critical business systems and later on try to do the same for our less critical systems. However, this does leave residual risk in your system landscape for the critical systems as well, as most systems are connected in some way.
I don't think we can be the only company struggling in this area. Therefore I'm curious about your experiences in this area. How are you managing the increased workload? How do you set the priorities on review and implementation? And how do you manage the implementation?
Thanks,
Maaike