Slashdot Mirror


Network Penetration Scans and Executive Reaction?

LazloToth asks: "I'm sure some of you have had this happen: your company pays the big bucks for a 3rd-party security audit and, when it comes back, you get called on the carpet for all the supposed 'holes' in your network. When you see the report, you recognize that it comes from a well-known open-source security scanner, and that the 'holes' in question are so obscure as to be meaningless. I told our risk management VP that to fix every item cited -- many of which were false positives or completely out of context -- would be next to impossible for our small IT staff, and that some of the fixes, if implemented, might have deleterious effects on an otherwise smoothly running operation. How do you handle these 3rd-party security people who make mountains out of every molehill?"

4 of 434 comments

  1. simple: by halfelven · Score: 0, Offtopic

    you join them

    mwahahahahaha!!!

  2. Re:Get a new consultant by bani · Score: 0, Offtopic

    I don't see why the parent was marked as a troll.

    You must be new here.

    This is slashdot we're talking about here. moderators and editors with the intellectual capacity of cabbage.

  3. Re:Get a new consultant by uberpeon · Score: 0, Offtopic

    Hey! That's not nice.

    Cabbage doesn't deserve being described like that.

  4. Re:quit by Master of Transhuman · Score: 1, Offtopic


    Canada? BAH! Canada is small potatoes!

    In America, we invade entire countries, destroy them, then bill the taxpayer $200 billion to repair them and pass all the money on to the guys who elected us (with a couple billion on the side for ourselves, of course.)

    THEN we take a few hundred billion out of Social Security, pass it to our friends in the stock market, and reap the kickbacks!

    Now, THAT'S soaking somebody!

    You guys are just amateurs...

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!