Dailydave mailing list archives
Re: "The organization I belong to doesn't have initals" (that evil dude in Heroes)
From: Pete Herzog <lists () isecom org>
Date: Mon, 13 Nov 2006 15:52:55 +0100
Dave, I can't agree with this at all. Not handling the low end (patch management to fix known bugs) is essential.
Patch management is a fancy word for "add-on support for a problem product" which is the electronic version of a recall. Basic defenses are removal from or elimination of a threat (separation). Next step up could be controlling the classes of threats through things like authentication, confidentiality, etc. Management processes, like patch management, are still another step up where after you've already defined your defenses, you still have some services which you could neither remove nor control from a class of threats. Those exposed services you need to make sure are running the best they can.

Here, patch management is the least (read lazy) you can do. It means you do it because you can wash your hands of it and say, hey, I patched. But it's not essential unless it's only covering your ass that's essential. If you need security and not just compliance, then those exposed services better be inspected and tested by the Vuln Research team to find the stuff the developer didn't. Because after all, it's your stuff out there and just waiting for them to find bugs and patch them is really not gonna do it for those who need it.

-pete.