So I got to thinking about the recent POODLE vulnerability, and it got me thinking: where does the buck stop?
If the Devs are solely responsible for the servers they are managing, there are several real and scary questions you have to ask yourself:
- As an admin in a DevOps environment, do I even know if I'm vulnerable?
- If I have an external-facing system managed by a Dev, have I already been compromised?
- If I have been compromised, how far does it go?
- Do the Devs take security into account? (Let me help you on this - the answer is no, no matter what they tell you.)
- Who is responsible for mitigating that risk?
- Who does your organization hold accountable?