Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2734 (published 2022-08-09): Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2729 (published 2022-08-09): Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2730 (published 2022-08-09): Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2731 (published 2022-08-09): Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2732 (published 2022-08-09): Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.
User Rank: Ninja
10/18/2017 | 4:54:00 PM
And if that's the case, then neither side is doing its job.
Legal teams, compliance teams, and cybersecurity teams are simply part of risk assessment and risk management. As an attorney and data-privacy consultant myself, I consider it my job to say, "Here are all the pertinent facts, here are the possible outcomes and their probabilities, and here are my recommendations accordingly."
And my job doesn't end there. There's an if-then relationship. If the client chooses, say, the second-best or third-best option instead of what I deem the best option, then I have to have my recommendations ready on how to proceed -- and how to deal with the potential consequences of those actions.
And, again, "best" is a relative term. "Best" isn't always "most secure" or "most compliant." Those are just factors.