Tag
#triage
6 posts tagged #triage.
-
Analysis · Jun 3, 2026 · Colten Anderson
The patch triage meeting that ends with owners, not opinions
The short-list is built before anyone sits down. The meeting exists to put a name and a clock on each item, then end. Here's how to run it in fifteen minutes.
-
Field Note · May 15, 2026 · Colten Anderson
A 30-minute Patch Tuesday triage you can actually run
How to get from 150 CVEs to the 4-8 that change your week, using only public signals and a clock.
-
Analysis · May 14, 2026 · Colten Anderson
Does this CVE actually apply to you? Three filters before you patch
Single-score triage fails in both directions: 10.0s that don't apply, 4.3s that get exploited for 13 days. Three filters reduce the queue.
-
Analysis · May 1, 2026 · Colten Anderson
A 4.3 that mattered: the 13-day gap between patch and exploitation flag
Microsoft patched CVE-2026-32202 on April 14 without marking it exploited. APT28 had been using it since at least December. The gap between those two facts is where triage models break.
-
Field Note · Apr 28, 2026 · Colten Anderson
Patch now, patch later, ignore for now: the triage model real IT teams actually need
A three-bucket triage model for sysadmins who don't own a vulnerability scanner and aren't going to buy one.
-
Analysis · Apr 28, 2026 · Colten Anderson
Why most patch summaries fail the people who actually have to do the work
Vendor advisories are written for completeness. They're not written for the operator triaging a CISA KEV ticket before lunch.