Secure Coding mailing list archives
Re: Computerworld op/ed on vulnerability patch cycle
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Wed, 14 Apr 2004 17:36:45 +0100
Alexander Antonov wrote:
> I believe the issue of automatic updates was already discussed on other security-related lists.

Yes, I agree, but that's not what I was commenting on specifically. Certainly, we've seen automatic patches for a few years now. (And for many systems, e.g., desktop users, I believe that they're a good thing, in general.)

The column, however, advocates _slowing down_ the patch and distribution process so that all (subscribed) users of the product get the patch and install it more-or-less simultaneously. In my view, that doesn't do much, if anything, to make matters better. If anything, it punishes those that promptly install (after appropriate testing, no doubt) patches because it forces them to wait for the stragglers to catch up.

That said, I certainly agree with the column's notion that the current patching process that most product vendors use is not meeting our needs.

Cheers,

Ken van Wyk
http://www.KRvW.com