Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Getting Off the Patch
From: phocean <0x90 () phocean net>
Date: Fri, 14 Jan 2011 19:22:53 +0100

If you don't do any 
testing and don't care then you don't have that work or money to lose 
with patching. But I said that already.



I can't leave that one. Seriously and with all the respect I have for
you, have you ever worked for a large company ?

First, there are ALWAYS (we are talking about scaling organisations,
right, not about startups) SEVERAL environments for critical
applications. Not for patching, but for coding, testing, validating and
producing. Each platform can be used for testing the patches. Patch
management doesn't involve additional cost here. It is just the way
production environments work.

Second, companies using critical applications and serious about their
users and environments don't care about the cost of a few more servers
if ever it was required.

I am aware one can find tons of counter examples of big companies
failing in having such processes, but it is an organization problem. Not
a patch management one.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]