Full Disclosure
mailing list archives
Re: Getting Off the Patch
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 14 Jan 2011 15:54:08 +0000
I'm sure it will all be cleared up when we see the reporting...
t
From: Christian Sciberras [mailto:uuf6429 () gmail com]
Sent: Friday, January 14, 2011 7:45 AM
To: Thor (Hammer of God)
Cc: lists () isecom org; phocean; full-disclosure () lists grok org uk; Zach C
Subject: Re: [Full-disclosure] Getting Off the Patch
Thought I should point out that they seem to have forgotten the main function in mass/distributed computer control and
management.
What otherwise would be a "huge" waste, it's done in little time and tested reliable in as much little time. According
to the reliability of the patch, one would also assume that worst case scenarios involve *just* rolling back changes,
again, not really losing anything at all.
On Fri, Jan 14, 2011 at 4:39 PM, Thor (Hammer of God) <thor () hammerofgod com> wrote:
We disagree. Patches change code which has already been operationally and
functionally tested. This requires additional testing for each update and patch
and that takes time, money, and other resources away from other things.
Therefore no wonder when operations scale upward, the cost of security
goes exponential. It's because of all the waste.
Please share the research you have that backs up this statement. I would be very interested in knowing the details
that provide the foundation for this argument. I'm particularly interested in the cost points and identification
of the exponential cost of security from patching and the money saved by not patching in your environment.
I presume that you have empirical evidence of the vast savings based on concurrent operational models in an enterprise
environment, so I'm curious as to how many thousands of servers you are operationally responsible for, because that
information is not only critical, but required for this model to be considered. IOW, if you could share the analysis
you presented to management that they bought off on, that would be extremely helpful.
Thanks!
t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/