Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

From Relating to DevSecOps by Ken Toler and Mike McCabe

August 25, 2025 · 34 min · Season 1 · Episode 80

About this episode

Ken and Mike discuss the challenges of vulnerability management and the realities of compliance in the tech industry.

Send us Fan Mail In this no-punches-pulled return from hiatus, Ken and Mike dig deep into the messy middle of vulnerability management, SLA fatigue, and the illusion of compliance. Are we building secure systems or just passing audits? From legacy cruft to exploitable CVEs, this episode unpacks the real-world pressures of SOC 2, the auditor dance, and whether fixing every “critical” is even feasible. Perfect for practitioners trying to balance the checkbox culture with actual risk reduction,...

People in this episode

Hosts: Ken Toler, Mike McCabe

Topics covered

  • vulnerability management
  • compliance
  • SLA fatigue
  • risk reduction
  • audits

Keywords

  • vulnerability management
  • SLA
  • compliance
  • SOC 2
  • CVE
  • risk reduction
  • audits

Mentioned in this episode

Organizations: SOC 2, CVE

More episodes of Relating to DevSecOps

Explore listener stats, chart rankings, contacts and more on the Relating to DevSecOps podcast page.