Open Source and information security mailing list archives
 
Date: Fri, 14 Jan 2011 19:22:53 +0100
From: phocean <0x90@...cean.net>
To: lists@...com.org
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	Zach C <fxchip@...il.com>
Subject: Re: Getting Off the Patch

> If you don't do any 
> testing and don't care then you don't have that work or money to lose 
> with patching. But I said that already.
> 
> -pete.
> 

Pete,

I can't leave that one. Seriously and with all the respect I have for
you, have you ever worked for a large company?

First, there are ALWAYS (we are talking about scaling organisations,
right, not about startups) SEVERAL environments for critical
applications. Not for patching, but for coding, testing, validating and
producing. Each platform can be used for testing the patches. Patch
management doesn't involve additional cost here. It is just the way
production environments work.

Second, companies using critical applications and serious about their
users and environments don't care about the cost of a few more servers
if ever it was required.

I am aware one can find tons of counterexamples of big companies
failing in having such processes, but it is an organization problem. Not
a patch management one.

phocean

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
