Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: what we REALLY learned from WMF
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Thu, 05 Jan 2006 16:33:27 -0800

As I'm not a coder.. I don't have the technical information to answer that one authoritatively. The WMF issue has taught me ...if you aren't an authority on the issue....shut up! :-)

Gadi Evron wrote:

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

It's easy for us on this side to Monday morning quarterback and say "oh make it so". There are times too that I go...okay ...come on ...how many days has it taken for that to get fixed? But then again, I don't write code, I don't track back dependencies, I don't ensure umpteem languages still work and all the other interconnectivity between programs and code still function.

It's easy to say this stuff on this side.... but understand that the mere release of a beta patch puts in jeopardy all of the consumer home machines and small businesses that have no admin to protect them and take mitigation measures.

What "I" really learned from this is to decide my "OWN" risk tolerance and stop listening to all the sites and blogs and news reports and what not that spread a lot of FUD and misinformation and used this many times as a PR vehicle. Only I know what risk I will tolerate. That's what I learned from this.

And only you can decide your own risk vs. gain.

Question is though, as I agree with you about BETA patches (although you don't have to use them), is if RELEASE patches can be released a lot faster?

This is what this case taught me.


Letting your vendors set your risk analysis these days? http://www.threatcode.com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]