Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Getting Off the Patch
From: Valdis.Kletnieks () vt edu
Date: Fri, 14 Jan 2011 13:24:24 -0500

On Fri, 14 Jan 2011 15:03:10 +0100, Pete Herzog said:

And you would be wrong because patching means changing the code. You 
know what you have and the operations are as you want them. Then you 
want to change the code to deal with some problem which requires you 
to verify your operations again to assure it is what you want. Perhaps 
you don't implement change control. Perhaps you don't do functional 
testing of operations after patching. Perhaps you choose to trust the 
same people who made the flaw in the first place. Perhaps you don't 
know your operational baseline. Perhaps you have lots of time to 
spare. All reasons why you may want to patch AND use controls. But you 
would be remiss to think that patching means only fixing a problem and 
changes nothing else.

Anybody else seen machines with 3 and 4 copies of the Java runtime on it
because they have different applications that simply fail on certain patchlevels
of the JVM? :)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]