| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: hackerwacker at cybermesa.com (james) Subject: Gates: 'You don't need perfect code' for good security On Fri, 2003-10-31 at 16:50, Beaty, Bryan wrote: > Correct me if I am wrong but... I'll be glad to. > > I believe every worm listed below could have been prevented had everyone > patched their systems. > I would like the security community to take more responsibility for > their own (in)actions. If you were hit by Blaster then you failed to > enforce a good patch management policy. Who's fault is that? Patch > management is boring and so we often ignore it. Hackers and worms simply > take advantage of our laziness. I guess blaster could be a form of > social engineering. "I know admins don't patch so I can write a worm and > kill the world." Since you directed this to the "security community" it seems you are speaking to IT folk and not end users. I **cannot** apply MS patches till they go through quite a bit of testing. I have been bitten with production boxes that are rendered unusable after a round of MS patches. We are a BSD/Linux shop with just a few MS boxes but it still takes a lot of time to make sure the patch(es) will work with various configurations and applications. I **shudder** to think what orgs that are all MS have to do to deploy patches. Who's fault is that?
Powered by blists - more mailing lists