Re: [Full-disclosure] Getting Off the Patch
- To: "lists@xxxxxxxxxx" <lists@xxxxxxxxxx>, phocean <0x90@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Getting Off the Patch
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Date: Fri, 14 Jan 2011 15:39:48 +0000
>We disagree. Patches change code which has already been operationally and
>functionally tested. This requires additional testing for each update and patch
>and that takes time, money, and other resources away from other things.
>Therefore no wonder when operations scale upward, the cost of security
>goes exponential. It's because of all the waste.
Please share the research you have that backs up this statement. I would be
very interested in knowing the details that provide the foundation for
this argument. I'm particularly interested in the cost points and
identification of the exponential cost of security from patching and the money
saved by not patching in your environment.
I presume that you have empirical evidence of the vast savings based on
concurrent operational models in an enterprise environment, so I'm curious as
to how many thousands of servers you are operationally responsible for, because
that information is not only critical, but required for this model to be
considered. IOW, if you could share the analysis you presented to management
that they bought off on, that would be extremely helpful.
Thanks!
t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/