[Full-disclosure] Re: what we REALLY learned from WMF

["Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>]

As I'm not a coder.. I don't have the technical information to answer 
that one authoritatively.  The WMF issue has taught me ...if you aren't 
an authority on the issue....shut up!  :-)

Gadi Evron wrote:

> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
>
> > It's easy for us on this side to Monday morning quarterback and say 
> > "oh make it so".  There are times too that I go...okay ...come on 
> > ...how many days has it taken for that to get fixed?  But then again, 
> > I don't write code, I don't track back dependencies, I don't ensure 
> > umpteem languages still work and all the other interconnectivity 
> > between programs and code still function.
> >
> > It's easy to say this stuff on this side.... but understand that the 
> > mere release of a beta patch puts in jeopardy all of the consumer 
> > home machines and small businesses that have no admin to protect them 
> > and take mitigation measures.
> >
> > What "I" really learned from this is to decide my "OWN" risk 
> > tolerance and stop listening to all the sites and blogs and news 
> > reports and what not that spread a lot of FUD and misinformation and 
> > used this many times as a PR vehicle.  Only I know what risk I will 
> > tolerate.  That's what I learned from this.
>
>
> And only you can decide your own risk vs. gain.
>
> Question is though, as I agree with you about BETA patches (although 
> you don't have to use them), is if RELEASE patches can be released a 
> lot faster?
>
> This is what this case taught me.
>
>     Gadi.

--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/