The Trailing Edge (was Re: FW: The worst abuse e-mail ever, sverige.net

[Valdis.Kletnieks () vt edu]

On Wed, 22 Sep 2004 12:52:54 EDT, Jon Lewis said:

> Older versions of SA, especially with custom DNSBL rules, may have had
> this issue (applying DUL type DNSBL rules to IPs in every Received:
> header:) but thats been fixed for some time.

In many cases, "fixed" != "deployed", unfortunately.  And that adoption
curve has got a LONG tail at the far end going to infinity, because some
sites will never upgrade.

Has anybody done a comparison for different instances of this same problem
(for instance, rate of fixing of 69/8 filters, open SMTP relays, installing a
Microsoft 'critical' software fix, patching bind/ssh/apache/whatever
after a vulnerability is found), to see if the underlying curve has similar
characteristics?

I'm familiar with Eric Rescorla's "Security Holes - Who cares?"
paper (http://www.rtfm.com/Upgrade-usenix.pdf) and Beattie, Arnold,
Cowan, Wagle, and Wright's "Timing the Application of Security Patches
for Optimal Uptime" from LISA XVI - any other cites, especially for those
that succeed in mathematically modelling it in the real world well enough to
make predictions from?

Attachment: _bin
Description: