Message-ID: <4D2F4839.2070600@isecom.org>
Date: Thu, 13 Jan 2011 19:45:13 +0100
From: Pete Herzog <lists@...com.org>
To: Tim <tim-security@...tinelchicken.org>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>, Valdis.Kletnieks@...edu
Subject: Re: Getting Off the Patch

> Yeah, sounds good in theory. What about when vulnerabilities (and
> presumably patches) come out for your "sandbox" or other security
> software?

That's why you use a wide array of operational controls and not just one, like a sandbox. The sandbox in the article was just a small example.

> IMO, adding more software to a system rarely results in overall
> management gains. This is because most software, including security
> software, sucks. If you find yourself patching too often, or you
> can't trust that the patches won't break your environment, then you
> probably need to find a software vendor that invests more in QA.

I couldn't agree more. Flaws in operational controls (security software) are a serious shame on the security industry and, as you suggested, if you have that many flaws in a piece of software, replace the vendor. However, I'll go one more: if you find your patches breaking too often or too many things, then stop patching and find an alternative.

Sincerely,
-pete.

--
Pete Herzog - Managing Director - pete@...com.org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/