Comment by bifrost

4 years ago

I'm assuming you're using a stateful packet filter when you're talking about this? Otherwise you'll break all kinds of stuff.

CISOs care about security but you'll find that most developers/users do not at all and it's like pulling teeth to get anything done. It'd likely be better to get all developers basic security training and automated code vulnerability scanning tools.

I've worked in an environment where all the developers did basic security training, and I've worked (well, interned) in an environment where prod had a default-deny firewall for outbound traffic.

The latter was definitely a hell of a lot more trouble. The latter was also definitely a hell of a lot more secure - and not because I had tons of faith in the code.
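To make the point about stateful filtering concrete, here is an added toy model (my own illustration, not code from the commenter or from any real firewall) of a default-deny outbound policy evaluated first by a stateless filter and then by a stateful one with connection tracking. The addresses, ports and the allowlist entry are constructed; the "first" flag stands in for whatever marks the opening packet of a flow (a TCP SYN, or the first datagram of a UDP exchange).

```python
"""Toy model: default-deny egress on a stateless vs. a stateful packet filter.

Constructed scenario (not from the original thread): a web server at
10.0.0.10 must accept inbound HTTPS and talk to an internal resolver, but
must not open arbitrary outbound connections.
"""
from dataclasses import dataclass

HOST = "10.0.0.10"                       # the protected server (constructed)
INBOUND_ALLOWED_PORTS = {443}            # services we expose
OUTBOUND_ALLOWLIST = {("10.0.0.53", 53)} # internal DNS resolver (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    direction: str   # "in" = arriving at HOST, "out" = leaving HOST
    first: bool      # True for the packet that opens a new flow


class StatelessFilter:
    """Judges every packet in isolation; it has no memory of flows."""

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            return "ACCEPT" if pkt.dport in INBOUND_ALLOWED_PORTS else "DROP"
        # Outbound: default deny, except for explicitly allowlisted peers.
        return "ACCEPT" if (pkt.dst, pkt.dport) in OUTBOUND_ALLOWLIST else "DROP"


class StatefulFilter(StatelessFilter):
    """Applies the same policy only to flow-opening packets and remembers
    accepted flows, so replies in either direction pass automatically."""

    def __init__(self) -> None:
        self.conntrack: set = set()

    @staticmethod
    def _key(pkt: Packet):
        # Direction-independent flow key: both endpoints, sorted.
        return tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

    def decide(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if key in self.conntrack:
            return "ACCEPT"            # part of an established flow
        if not pkt.first:
            return "DROP"              # stray packet, no flow opened it
        verdict = super().decide(pkt)  # policy applies to new flows only
        if verdict == "ACCEPT":
            self.conntrack.add(key)
        return verdict


def run_scenario(fw) -> list:
    """Push a constructed packet sequence through a filter; return
    (label, verdict) pairs so the two filters can be compared."""
    client, resolver, stranger = "198.51.100.7", "10.0.0.53", "203.0.113.9"
    sequence = [
        ("client opens HTTPS to us",
         Packet(client, HOST, 51000, 443, "in", True)),
        ("our HTTPS reply to the client",
         Packet(HOST, client, 443, 51000, "out", False)),
        ("we try to open a connection to an unlisted host",
         Packet(HOST, stranger, 40000, 443, "out", True)),
        ("we query the allowlisted resolver",
         Packet(HOST, resolver, 40001, 53, "out", True)),
        ("resolver's answer comes back",
         Packet(resolver, HOST, 53, 40001, "in", False)),
    ]
    return [(label, fw.decide(pkt)) for label, pkt in sequence]


if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        print(f"--- {name} ---")
        for label, verdict in run_scenario(fw):
            print(f"{verdict:7} {label}")
```

The stateless run drops the server's own HTTPS reply and the resolver's answer, which is the "break all kinds of stuff" failure mode; the stateful run passes both because they belong to flows the policy already admitted, while the unlisted outbound connection is still refused by both. Real filters (iptables/nftables conntrack, pf keep state) implement the same idea with far more detail.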

  • I currently work in a place that does both, yet still find questionable things on a weekly basis!

    Exhausting, lol