Full Disclosure mailing list archives

Re: Getting Off the Patch


From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Fri, 14 Jan 2011 15:39:48 +0000

We disagree. Patches change code which has already been operationally and
functionally tested. This requires additional testing for each update and patch,
and that takes time, money, and other resources away from other things.
Therefore it is no wonder that when operations scale upward, the cost of security
goes exponential. It's because of all the waste.

Please share the research you have that backs up this statement.  I would be very interested in knowing the details
that provide the foundation for this argument.  I'm particularly interested in the cost points and identification
of the exponential cost of security from patching and the money saved by not patching in your environment.

I presume that you have empirical evidence of the vast savings based on concurrent operational models in an enterprise
environment, so I'm curious as to how many thousands of servers you are operationally responsible for, because that
information is not only critical, but required for this model to be considered.  IOW, if you could share the analysis
you presented to management that they bought off on, that would be extremely helpful.

Thanks!

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/