Security Basics mailing list archives

RE: Patching


From: "Raoul Armfield" <armfield () amnh org>
Date: Mon, 20 Oct 2003 11:44:54 -0400

:In the "old days" a patch and/or fix was defined as "something that closes a
:known hole and opens ten unknown holes" :-) Yet, literature and common
:practices keep saying we should maintain our systems and network appliances
:up to date with the last patches / software releases.
:
:WHY should I feel safer that way? How can I tell Rev. 1.3 is any better
:(security-wise) than Rev. 1.2? Is the cost (financial and others) of change
:management worth it? If so, how can I measure such worthness?

The point is that it closes a known hole.  The unknown ones are just
that, unknown; thus until they become known they are not security risks.
Of course the instant that they are public knowledge they become risks,
but at least you put them off for a few days, weeks, months, whatever it
takes.

Raoul

