@cda I have a very similar, but very different challenge. Building an info security database I want to know where my IT systems are and (for example) how many vulnerabilities they have. This sounds easy on day one - have a table with columns for IP, Hostname, and vulnerability count. But those things change regularly. Next week it may change IP and have less vulnerabilities, and the following week, it will have more.

How do I store all of that so I can graph vulnerabilities over time?

@corbin Thank you for doing this.

I'm sorry you had to... But thanks.

@munin I'm 100% with you in theory, but my experience shows this doesn't always work practice.

A) This might be their first audit and they have no idea what they're doing.
B) They might be unreasonably set in their ways and don't care what the auditee thinks.
C) The auditor might be onboard with your case, but their audit lead/reviewer might not be.

@aaron Will also need to regulate the terms. When everything is based on "valuation" and you can change your valuation with a press release or a bad quarter, the rules don't mean much.

Need to buy that company? Layoff a bunch of people to drop our valuation for a few months.

@GossiTheDog I like the idea of recording everything! I can't tell you how many times I've had an argument with a kid or spouse and said "You've done this SO many times, I just can't think of any examples right now!"

What I DON'T like is A) somebody else hoarding and culling that recording, or B) having to go through year's worth of content to find those examples.

So I'll pass on this like I pass on the other listening boxes, and continue to lose arguments.