What kind of "user base" are you talking about?
- i.e., internal or external?
- if they're internal, this is a no-brainer: you communicate
- if they're external, it's nearly a no-brainer: you communicate
Are you subject to rules like GDPR or other data-compliance rules (PCI, etc.)?
- communicate
Everyone knows you have vulnerabilities – whether you admit them or not, it doesn't change that they exist, and people will assume (i.e. "know") you have them – probably quite a while before you know.
Are end-user devices going to be patched?
- communicate – they need to know to leave their machines on or connected to the VPN over the weekend
January 17, 2020 at 10:39AM
via reddit https://www.reddit.com/r/security/comments/eq0hvt/communications_with_users_regarding_patching/fen2m4u?utm_source=ifttt