On Fri, 14 Jan 2011 15:03:10 +0100, Pete Herzog said:

> And you would be wrong because patching means changing the code. You
> know what you have and the operations are as you want them. Then you
> want to change the code to deal with some problem which requires you
> to verify your operations again to assure it is what you want. Perhaps
> you don't implement change control. Perhaps you don't do functional
> testing of operations after patching. Perhaps you choose to trust the
> same people who made the flaw in the first place. Perhaps you don't
> know your operational baseline. Perhaps you have lots of time to
> spare. All reasons why you may want to patch AND use controls. But you
> would be remiss to think that patching means only fixing a problem and
> changes nothing else.

Anybody else seen machines with 3 and 4 copies of the Java runtime on them because they have different applications that simply fail on certain patchlevels of the JVM? :)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/