Full Disclosure
mailing list archives
Re: Getting Off the Patch
From: Valdis.Kletnieks () vt edu
Date: Fri, 14 Jan 2011 13:24:24 -0500
On Fri, 14 Jan 2011 15:03:10 +0100, Pete Herzog said:
> And you would be wrong because patching means changing the code. You
> know what you have and the operations are as you want them. Then you
> want to change the code to deal with some problem which requires you
> to verify your operations again to assure it is what you want. Perhaps
> you don't implement change control. Perhaps you don't do functional
> testing of operations after patching. Perhaps you choose to trust the
> same people who made the flaw in the first place. Perhaps you don't
> know your operational baseline. Perhaps you have lots of time to
> spare. All reasons why you may want to patch AND use controls. But you
> would be remiss to think that patching means only fixing a problem and
> changes nothing else.

Anybody else seen machines with 3 and 4 copies of the Java runtime on them
because they have different applications that simply fail on certain patchlevels
of the JVM? :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/