On Thu, 2003-10-02 at 23:51, Bullard, Claude L (Len) wrote:
> Yes. That is why some are running 24x7x365
> organizations to find security holes, fix them, and
> get the announcements out faster than they can be exploited.
> There are big problems when the announcements go out
> and are ignored, not understood, or the user doesn't
> have the competence to do the work. There is a bigger
> problem if the hole is in systems that sit on the majority
> of desktops and some number of servers. That is the
> monoculture problem. On the other hand, one could
> make the claim that if there is only one system to hit,
> there is only one system to fix.
> Innovation in finding, fixing, and getting fixes on
> the machines is of value. I think that is happening.
> Every system has these problems, so sharing the innovations
> will be of value to everyone. It is likely that
> wiser and calmer minds will come to that conclusion
> and work to that end.
that's why i primarily use windows 2000/xp and redhat linux distros -
redhat in particular is very fast at getting fixes out - so they
obviously recognise the problem from a business perspective. ximian has
an alternative that is almost as good. microsoft does the job, but i
find its response a bit patchy although i haven't done the stats.
basically i watch the announcements from cert and then how long to get a
fix from the vendor.
> From: Rick Marshall [mailto:email@example.com]
> On Thu, 2003-10-02 at 06:12, Bullard, Claude L (Len) wrote:
> > Some more insight on innovation in open source:
> > http://www.eweek.com/article2/0,4149,1306158,00.asp
> > Looks like Sun is not above a bit o' theatre and
> > information gaming (I used to call this playing
> > off the 8-ball: tell the geeks and they tell the
> > other geeks who believe it because of the source).
> > and one on security flaws in an open source system.
> > http://www.eweek.com/article2/0,4149,1305344,00.asp
> this is one of a large number of possible security flaws that "may be
> used to cause..."
> one of the strengths of the current approach is the discovery and
> rectification of potential faults often long *** BEFORE *** they get