Matthew GarrettMar 20
Trying to convince my students that having all your security policy changes include a design doc describing the status quo, the desired outcome, why this change will achieve it, why alternatives were rejected, and then implementing it via some automation schema so it can't accidentally be reverted for no obvious reason is good actually
Show threadMatthew GarrettMar 20
They have apparently never known the pain of it being literally impossible to determine why something is the way it is and having no idea whether changing it will break anything
Show threaddr2chase
@mjg59 if nobody could be arsed to document it, it must not be important.
Mar 20 at 6:25amWeb
Show threadMatthew GarrettMar 20
@dr2chase that is a justifiable position and unfortunately if you then take down prod anyway it doesn't help your defense if you have nobody to point to