xml-dev - RE: [xml-dev] Managing Innovation

RE: [xml-dev] Managing Innovation

[ Lists Home | Date Index | Thread Index ]

To: "Bullard, Claude L (Len)" <clbullar@ingr.com>
Subject: RE: [xml-dev] Managing Innovation
From: Rick Marshall <rjm@zenucom.com>
Date: Fri, 03 Oct 2003 00:24:27 +1000
Cc: Xml-Dev <xml-dev@lists.xml.org>
In-reply-to: <15725CF6AFE2F34DB8A5B4770B7334EE03F9ED34@hq1.pcmail.ingr.com>
Organization: Zenucom Pty Limited
References: <15725CF6AFE2F34DB8A5B4770B7334EE03F9ED34@hq1.pcmail.ingr.com>
Reply-to: rjm@zenucom.com

On Thu, 2003-10-02 at 23:51, Bullard, Claude L (Len) wrote:
> Yes.  That is why some are running 24x7x365 
> organizations to find security holes, fix them, and 
> get the announcements out faster than they can be exploited. 
> There are big problems when the announcements go out 
> and are ignored, not understood, or the user doesn't 
> have the competence to do the work.  There is a bigger 
> problem if the hole is in systems that sit on the majority 
> of desktops and some number of servers.  That is the 
> monoculture problem.  On the other hand, one could 
> make the claim that if there is only one system to hit, 
> there is only one system to fix.
> 
> Innovation in finding, fixing, and getting fixes on 
> the machines is of value.  I think that is happening. 
> Every system has these problems, so sharing the innovations 
> will be of value to everyone.  It is likely that 
> wiser and calmer minds will come to that conclusion 
> and work to that end.

that's why i primarily use windows 2000/xp and redhat linux distros -
redhat in particular is very fast at getting fixes out - so they
obviously recognise the problem from a business perspective. ximian has
an alternative that is almost as good. microsoft does the job, but i
find it's response a bit patchy although i haven't done the stats.
basically i watch the announcements from cert and then how long to get a
fix from the vendor.

> 
> len
> 
> 
> From: Rick Marshall [mailto:rjm@zenucom.com]
> 
> On Thu, 2003-10-02 at 06:12, Bullard, Claude L (Len) wrote:
> > Some more insight on innovation in open source:
> > 
> > http://www.eweek.com/article2/0,4149,1306158,00.asp
> > 
> > Looks like Sun is not above a bit o' theatre and 
> > information gaming (I used to call this playing 
> > off the 8-ball: tell the geeks and they tell the 
> > other geeks who believe it because of the source).
> > 
> > and one on security flaws in an open source system.
> > 
> > http://www.eweek.com/article2/0,4149,1305344,00.asp
> 
> this is one of a large number of possible security flaws that "may be
> used to cause..."
> 
> one of the strengths of the current approach is the discovery and
> rectification of potential faults often long *** BEFORE *** they get
> exploited

References:
- RE: [xml-dev] Managing Innovation
  - From: "Bullard, Claude L (Len)" <clbullar@ingr.com>

Prev by Date: RE: [xml-dev] Managing Innovation
Next by Date: RE: [xml-dev] Managing Innovation
Previous by thread: RE: [xml-dev] Managing Innovation
Next by thread: RE: [xml-dev] Managing Innovation
Index(es):
- Date
- Thread