I'm curious about how you all are managing .NET and .NET Core updates, especially at scale. It's been quite a challenge for me. My team uses Qualys for vulnerability scanning, and we also rely on ServiceNow for ticketing. How do you keep up to date without running into issues?
2 Answers
Totally feel you! Qualys lights up like a Christmas tree with these vulnerabilities. The trouble is, just patching without knowing what apps depend on a specific version is risky. We usually get flagged, create a ServiceNow ticket, and then need app owner confirmation before moving forward. For simpler upgrades without legacy dependencies, winget has been a lifesaver for bulk updates.
Oh man, our Cyber team is riding us about this too! It's wild how challenging it can be to get vendors on board for the updates, right? Most just tell you to stick to the old version without confirming if newer versions will even work. It's frustrating!

Yeah, we decided to shift the responsibility of app updates to the app owners. It's crazy how they prioritize things once they have to handle it themselves—suddenly, it’s not urgent! But being able to access Qualys has definitely made them more aware of their responsibilities.
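The first answer's point, that patching is risky when nobody knows which apps depend on a given version, can be addressed with an inventory built before the ServiceNow ticket goes to the app owner. The sketch below is an added example, not code from anyone in this thread. It reads the `*.runtimeconfig.json` file that .NET Core and .NET 5+ apps ship beside their binaries; function names and the scan root are assumptions, and .NET Framework apps are not covered.

```python
import json
from pathlib import Path

def parse_runtimeconfig(text):
    """Return (frameworks, self_contained, roll_forward) from one runtimeconfig.json body."""
    opts = json.loads(text).get("runtimeOptions", {})
    # Framework-dependent apps list one "framework" or several "frameworks";
    # self-contained apps carry "includedFrameworks" and ship their own runtime.
    declared = opts.get("frameworks") or ([opts["framework"]] if "framework" in opts else [])
    bundled = opts.get("includedFrameworks", [])
    refs = [(f["name"], f["version"]) for f in (declared or bundled)]
    return refs, bool(bundled) and not declared, opts.get("rollForward")

def inventory(root):
    """Walk root and describe every app that ships a *.runtimeconfig.json."""
    rows = []
    for cfg in sorted(Path(root).rglob("*.runtimeconfig.json")):
        try:
            body = cfg.read_text(encoding="utf-8-sig")  # tolerate a UTF-8 BOM
            refs, self_contained, roll = parse_runtimeconfig(body)
        except (OSError, ValueError, KeyError, TypeError, AttributeError):
            continue  # unreadable or malformed file: skip rather than abort the sweep
        rows.append({"app": cfg.name[: -len(".runtimeconfig.json")],
                     "path": str(cfg.parent), "frameworks": refs,
                     "self_contained": self_contained, "roll_forward": roll})
    return rows

def depends_on(rows, major_minor):
    """Apps referencing any framework in the given release line, e.g. '6.0'."""
    return sorted(r["app"] for r in rows
                  if any(v.startswith(major_minor + ".") for _, v in r["frameworks"]))

def needs_rebuild(rows):
    """Self-contained apps: a machine-wide runtime update leaves their bundled copy as is."""
    return sorted(r["app"] for r in rows if r["self_contained"])

if __name__ == "__main__":
    import sys
    for row in inventory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```

Apps returned by `needs_rebuild` stay on their bundled runtime after a machine-wide update, so their tickets belong with whoever can republish the app.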