Security Basics mailing list archives
Re: Patching
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 21 Oct 2003 10:33:28 +0200
On 2003-10-20 Alessandro Bottonelli wrote:
> OK, so the main idea I get from the list is: a known hole is fixed and the others are (for the moment) unknown. Therefore, patching is a good idea. Hmmmm. I am not convinced yet that all this makes sense from a "wider" security perspective. Must a vulnerability / hole be known to be a risk?
Yes.
> Security risks do not all come from "out there" and "bad guys" trying to exploit a vulnerability. System errors, data loss may very well occur from holes that are very unknown (or very honest operators that make mistakes).
Not very likely. The occasional malcontent user is much more of a problem than that. IMHO.
> Once I get a very well oiled and stable infrastructure, I personally suffer every time I have to disturb that balance. There's a lot of interdependability among the various elements of the whole system. Application X at release n.m needs Middleware Y at release j.k that in turn requires OS Z at release l.m that in turn.... every time I touch something I feel that I have no control (but that could be just me) of where the ripples are going to end up to.
Patches breaking software are a different kind of trouble. That's not (directly) security related.
My 0.02 $CURRENCY.
Regards
Ansgar Wiechers