Re: [TLS] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-06 Thread Kathleen Moriarty
Hi Eliot, Thanks for raising your concern. I’ll note that I first started working on this because a well-deployed library already had plans to drop support for versions 1.0 and 1.1 in their next release. Customers that wanted those versions would have to use a prior library. This history may

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-06 Thread Kathleen Moriarty
Having risk management experience as well as policy establishment and enforcement, I would rather see the clear notification that something is not secure. Then the organization makes the decision to take that risk based on likelihood/impact considerations. This factors in risk tolerance and bu

Re: [TLS] [Last-Call] Last Call: (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice

2020-12-06 Thread Kathleen Moriarty
I disagree here as those other implementations just need to make their own business risk decisions and put in place an exception process. One option in the risk decision process is to accept risk; you can also mitigate, eliminate, or transfer the risk. Best regards, Kathleen Sent from my mob