Security Basics mailing list archives
RE: Patching
From: "Alexander Suhovey" <asuhovey () mtu-net ru>
Date: Tue, 21 Oct 2003 19:57:03 +0400
IMO the point of Alessandro's message is that fixes introduce *new* holes so your formula should be corrected to: 10,000 - 1 + n, where n>0. The question is if n<1 :) Al. -----Original Message----- From: Meritt James [mailto:meritt_james () bah com] Sent: Tuesday, October 21, 2003 12:38 AM To: security-basics () securityfocus com Subject: Re: Patching On Mon, Oct 20, 2003 at 10:12:29AM +0200, Alessandro Bottonelli wrote:
A thought has been crossing my mind for a long time, I'd like to confront it with the list. In the "old days" a patch and/or fix was defined as "something that closes a known hole and opens ten unknown holes" :-) Yet, literature and common practices keep saying we should maintain our systems and network
appliances
up to date with the last patches / software releases. WHY should I feel safer that way? How can I tell Rev. 1.3 is any better (security-wise) than Rev. 1.2 ? Is the cost (financial and others) of
change
management worth it? If so, how can I measure such worthness? -- Alessandro Bottonelli
A journey of a thousand miles starts with a single step. (10,000 -1) is less than 10,000. "Safer" is not "safe". As long as you are thinking, include that in your "why" considerations. -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ----------------------------------------------------------------------------
Current thread:
- Patching Alessandro Bottonelli (Oct 20)
- RE: Patching Raoul Armfield (Oct 20)
- Re: Patching Florian Streck (Oct 20)
- Re: Patching Meritt James (Oct 20)
- RE: Patching Alexander Suhovey (Oct 21)
- Re: Patching Meritt James (Oct 21)
- Re: Patching Meritt James (Oct 20)
- Re: Patching Alessandro Bottonelli (Oct 20)
- Re: Patching Ansgar -59cobalt- Wiechers (Oct 21)
- Re: Patching Alessandro Bottonelli (Oct 21)
- Re: Patching Ansgar -59cobalt- Wiechers (Oct 22)
- RE: Patching Graydon McKee (Oct 22)
- Re: Patching Ansgar -59cobalt- Wiechers (Oct 21)
- <Possible follow-ups>
- Re: Patching David Lanagan (Oct 21)
- RE: Patching Erik R. Myers (Oct 21)