Re: Typical problem of many large organizations
What about a compensating control? You know that a system is vulnerable, and the risk of patching outweighs the [quantitively measured] risk of compromise, but you put in place a compensating control that mitigates the problem temporarily until a patch can be applied. IDS/IPS anyone? Snort SIDs 41818 & 41819 were available from March.