[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: Avoiding being a good admin - was DCOM RPC exploit (dcom.c)
On Tue, 29 Jul 2003 10:52:19 EDT, Jason <security@...enik.com> said:
> $15,600 * 83 = $1.3 million in lost time patching
>
> Compared to the very conservative 4 million lost otherwise?
>
> Add another million to the 1.3 mil to hire contractors and you still
> save almost 2 million.
$1.3M to patch MS03-023.
$1.3M to patch MS03-026.
$1.3M to patch MS03-030.
Now you're up to $3.9M, and only saving $100K. *MAYBE*. And if there's
another advisory, there goes another $1.3M. If there's 4 advisories a year,
it actually makes financial *SENSE* to just say "screw it" and accept the
fact that there will be a yearly worm-and-patch-everything party.
Maybe there's a *REASON* that IT security is underfunded - the cost/benefit
doesn't work out for the business....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030729/2841c35a/attachment.bin
Powered by blists - more mailing lists