Just read the thread as I have had access issues before preventing me from viewing this OSSN.
So from what I can see, there are no mitigating issues that an operator can take to de-risk any given threat scenario, coupled with the VMT seeing this as impractical to exploit.
I am not sure we can really do much with this as an OSSN. If an OSSN goes out without a concrete 'Recommended Actions' section, it can result in a lot of concerned and confused ops replying as they are not sure what to do with the information.
Unless someone strongly sees the opposite, I would also recommend a 'Won't Fix' for for an OSSN.
Just read the thread as I have had access issues before preventing me from viewing this OSSN.
So from what I can see, there are no mitigating issues that an operator can take to de-risk any given threat scenario, coupled with the VMT seeing this as impractical to exploit.
I am not sure we can really do much with this as an OSSN. If an OSSN goes out without a concrete 'Recommended Actions' section, it can result in a lot of concerned and confused ops replying as they are not sure what to do with the information.
Unless someone strongly sees the opposite, I would also recommend a 'Won't Fix' for for an OSSN.