Re: Trust (was RE: Antwort: Re: Facts, not Fiction)

[Bennett Todd <bet () rahul net>]

On Mon, Nov 17, 1997 at 08:22:05PM -0500, Stout, William wrote:
> I have to differ with Bennett and Marcus about DOS bugs and the like
> being quietly fixed before they're exploited, since not everyone
> religiously patches their systems.  Many production folk either do a
> 'set and forget' not wanting to fix something that works, or have
> religious reasons not to apply patch until some experience is had by
> others that did patch.

I shouldn't speak for MJR here, but my own opinion is that the original
stated view holds quite well: the major commercial firewall products can
be given a high degree of trust, as long as they are properly
configured, to be free of holes and bugs --- to behave as they are
designed to. The major firewall vendors are very very aggressive about
making and providing patches to security holes in their products, and
have a good record for getting them into the hands of their customers
before any exploits come out.

Whether a given user elects to pay for support (and so get such
patches), and whether they elect to apply them when they are shipped, is
their own lookout.

-Bennett