lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1295029373.20424.50.camel@subarashii>
Date: Fri, 14 Jan 2011 19:22:53 +0100
From: phocean <0x90@...cean.net>
To: lists@...com.org
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	Zach C <fxchip@...il.com>
Subject: Re: Getting Off the Patch

> If you don't do any 
> testing and don't care then you don't have that work or money to lose 
> with patching. But I said that already.
> 
> -pete.
> 

Pete,

I can't leave that one. Seriously and with all the respect I have for
you, have you ever worked for a large company ?

First, there are ALWAYS (we are talking about scaling organisations,
right, not about startups) SEVERAL environments for critical
applications. Not for patching, but for coding, testing, validating and
producing. Each platform can be used for testing the patches. Patch
management doesn't involve additional cost here. It is just the way
production environments work.

Second, companies using critical applications and serious about their
users and environments don't care about the cost of a few more servers
if ever it was required.

I am aware one can find tons of counter examples of big companies
failing in having such processes, but it is an organization problem. Not
a patch management one.

phocean

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ