CHOOSE THE MOST APPROPRIATE RESPONSE:
-- Patch client: --
"We evaluated the vulnerability listed in the email and have determined that it is not a critical vulnerability. Instead of upgrading the plugin now, this upgrade can wait until your next quarterly patch"
-- Non-Patch client --
"We evaluated the vulnerability listed in the email and have determined that it is not a critical vulnerability. While it does not need to be upgraded right away, we still recommend upgrading the plugin and estimate this could take <X> hours"
** Depending on the client's personality this can also be a great time to discuss patch plans. If they have a patch plan the client can rely on us to oversee site security instead and they don't need to cut into their SEO hours for updates
-- General information explaining vulnerability severity --
"While security vulnerabilities are important to address, not all vulnerabilities have the same level of impact or urgency as others. Some vulnerabilities have multiple conditions that need to be met while others provide access to useless site information or functionality. Such vulnerabilities are low value for attackers to abuse because they are less likely to work or they gain little if they do work. Instead, attackers will focus on other vulnerabilities that are easier to exploit or have a higher reward."
Comments
0 B
|👍
/👎
0 B
|👍
/👎
0 B
|0 👍
/0 👎
0 B
|👍
/👎