Re: [Full-disclosure] Getting Off the Patch

[phocean <0x90@xxxxxxxxxxx>]

> If you don't do any 
> testing and don't care then you don't have that work or money to lose 
> with patching. But I said that already.
> 
> -pete.
> 

Pete,

I can't leave that one. Seriously and with all the respect I have for
you, have you ever worked for a large company ?

First, there are ALWAYS (we are talking about scaling organisations,
right, not about startups) SEVERAL environments for critical
applications. Not for patching, but for coding, testing, validating and
producing. Each platform can be used for testing the patches. Patch
management doesn't involve additional cost here. It is just the way
production environments work.

Second, companies using critical applications and serious about their
users and environments don't care about the cost of a few more servers
if ever it was required.

I am aware one can find tons of counter examples of big companies
failing in having such processes, but it is an organization problem. Not
a patch management one.

phocean

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/