lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <NHBBKOKFNKAIECDLOKDCAEHMELAA.alerta@redsegura.com>
From: alerta at redsegura.com (Alerta Redsegura)
Subject: Vulnerability response times -- MS and others

A big issue here that has not been discussed is the time window between the
release of a patch/upgrade and the ability to safely apply it in a live
environment.

Among my customers, many sysadmins just cannot apply the latest patches as
soon as they are available because of possible dependencies with other
vendor's commercial apps.

This is not only true for Windows: in the last year, I have seen several Red
Hat Linux installations where SendMail and OpenSSH patches could not be
applied because of interference with 3rd-party applications run on these
particular boxes.

They had to wait until the third-party software manufacturers released their
own upgrades to install the system's patches.

Of course, A clear advantage *still present* in Linux is that you can do all
the upgrades without rebooting, and even most of the times, without taking
the services down more than 5 or 10 seconds.



Regards,


I?igo Koch
redsegura.com



bggdh said:
[snip]
>
> Anyways... the report seems to indicate that Microsoft is the fastest
> on solving security issues.
>
> Comments?
>
>  --Comparing Windows and Linux Security


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ