Comment Re:Nonsense (Score 2) 294
Having patches approved by a CAB should not be a big deal. A brief write-up of the patches to be applied -- or an attachment listing the patches, reasons for applying them, etc -- was all that was required. Every CAB I've ever worked with has a procedure for an emergency like applying a patch for something like Heartbleed. All it usually took was a phone call to certain people and getting a verbal authorization. (You filled out the standard change request forms after the fact.) Working with a CAB is no big deal. Really.
But speaking of pointless paperwork... We had someone in a QA role stand up in front of the IT group and tell us that they wanted a screen shot of every single patch installation for every single server the patch was installed on. (And the rest of the QA team nodded their heads in unison like robots.) When it was pointed out that the length of time required for making a separate screen shot -- signed and dated by hand to boot -- for each of the patches in your typical Microsoft service pack times hundreds and hundreds of servers and that such a process would be prohibitive (to say the least) they eventually backed off. If that initial request wasn't bad enough, they actually wanted the process to be: Install the first patch, take the screen shot, print it, label it, sign and date it. Only after those steps were completed would you move onto the next patch or server. If their plan had been implemented the company would have had to build a new building just to house the printed screenshots.