Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Getting Off the Patch
From: Christian Sciberras <uuf6429 () gmail com>
Date: Fri, 14 Jan 2011 16:44:56 +0100

Thought I should point out that they seem to have forgotten the main
function in mass/distributed computer control and management.
What otherwise would be a "huge" waste, it's done in little time and tested
reliable in as much little time. According to the reliability of the patch,
one would also assume that worst case scenarios involve *just* rolling back
changes, again, not really loosing anything at all.



On Fri, Jan 14, 2011 at 4:39 PM, Thor (Hammer of God)
<thor () hammerofgod com>wrote:

We disagree. Patches changes code which has already been operationally and
functionally tested. This requires additional testing for each update and
patch
and that takes time, money, and other resources away from other things.
Therefore no wonder when operations scale upward, the cost of security
goes exponential. It's because of all the waste.

Please share the research you have that backs up this statement.  I would
be very interested in knowing the details that that provide the foundation
for this argument.  I'm particularly interested in the cost points and
identification of the exponential cost of security from patching and the
money saved by not patching in your environment.

I presume that you have empirical evidence of the vast savings based on
concurrent operational models in an enterprise environment, so I'm curious
as to how many thousands of servers you are operationally responsible for,
because that information is not only critical, but required for this model
to be considered.  IOW, if you could share the analysis you presented to
management that they bought off on, that would extremely helpful.

Thanks!

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault