Guys - in our last call as well as some individual conversations with some of you it feels like the two core problems people have highlighted and seem to agree on are:
1) How to establish a consolidated set of assets that can be leveraged across Security and Operations and maintain that up to date
2) How to formalize the process to patch known vulnerabilities
Let me know if this is reflective of everyone's thoughts? With this we could establish best practices, measurements, recommended tracking/dashboarding etc.
It felt like people agree the key thing would be to understand what best practices or where people are looking idependently from the Security and Operations teams now to answer these questions. Could each of you comment with any know sources of info the individual teams are using around these two problems today?