| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: bduffy at gmail.com (Bernard J. Duffy) Subject: AW: no more public exploits Are you saying that the military has standardized best practices that mandate the immediate installation of vendor OS patches? If they do, I highly doubt that such policies are widely adhered to. The fact is, quickly released security patches can and often do break applications, particularly when the system configuration is less common. Ask any Windows NT administrator about that. I would venture to guess that you would not be a happy camper if the IT organization supporting the systems that process your payroll or banking applied code fixes without a robust testing procedure. Bernard Duffy bduffy@...ap.rr.com On Wed, 28 Apr 2004 13:13:04 +0800, tcleary2@....com.au <tcleary2@....com.au> wrote: > > Cael Abal said: > > >Realistically,the lack of a widespread published exploit means an > >attack on any given machine is less likely. An admin who chooses > >to ignore these probabilities isn't looking at their job with the right > perspective. > > You missed the "IMHO". > > In the Military your generalisation is probably not a self evident truth. > > To quote another posters sig. "Knowing what you don't know is more > important > than knowing what you know." and I would add that that's because what you > do know you can try to deal with. > > Enough of the philosophy class. > > Regards, > > tom. > ---------------------------------------------------------------------------------------- > Tom Cleary - Security Architect > > "In IT, acceptable solutions depend upon humans - Computers don't > negotiate." > ---------------------------------------------------------------------------------------- > This is a PRIVATE message. If you are not the intended recipient, please > delete without copying and kindly advise us by e-mail of the mistake in > delivery. NOTE: Regardless of content, this e-mail shall not operate to > bind CSC to any order or other contract unless pursuant to explicit > written agreement or government initiative expressly permitting the use of > e-mail for such purpose. > ---------------------------------------------------------------------------------------- > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists