Grimes said:
I expect a security to be on top of any patches that are released to known vulnerability. They should be aware of it within days at most and have some plan of action put together. It shouldn't stay unpatched for months. I would expect my administrators to be on email lists which inform people whenever security patches are released. Also, I would expect them to remain informed of the latest security developments by checking sites relevant to installed software on a daily basis. |
So where is the source saying that it was longer then days? Or even a day, or even 4 hours? Like I said without a time frame and industry standards to compare we don't know anything