Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Getting Off the Patch
From: Pete Herzog <lists () isecom org>
Date: Thu, 13 Jan 2011 19:45:13 +0100

Yeah, sounds good in theory.  What about when vulnerabilities (and
presumably patches) come out for your "sandbox" or other security
software?

That's why you use a wide array of operational controls and not just 
one, like a sandbox. The sandbox in the article was just a small example.


IMO, adding more software to a system rarely results in overall
management gains.  This is because most software, including security
software, sucks.  If you find yourself patching too often, or you
can't trust that the patches won't break your environment, then you
probably need to find a software vendor that invests more in QA.


I couldn't agree more. Flaws in operational controls (security 
software) are a serious shame on the security industry and as you 
suggested, if you have that many flaws in a software, replace the 
vendor. However, I'll go one more- if you find your patches breaking 
too often or too many things, then stop patching and find an alternative.

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault