Security Basics mailing list archives
Re: Third Party Patch Management
From: Phil Bieber <philbieber () gmail com>
Date: Fri, 27 Mar 2009 08:17:51 +0100
On Thu, Mar 26, 2009 at 05:08, <aaaa () bbbb com> wrote: <--snip-->
krymson personally I think your suggestion to not bother patching apps for the life of the hardware is not good. If you keep track of software vulnerabilities that are reported and patched you'd have seen that too many of the vulnerabilities are so severe that not patching them for 3 years would be a very bad idea.
<--snip--> Hi! I have to agree, that it is probably not good to not worry about patching for the lifetime of hardware. Especially, when I look at my workplace, where there are many desktops that are significantly older than three or five years. Another way to do it is to install all major releases (for example just install Acrobat Reader 9, don't bother with 9.1). But be aware! You're users are still vulnerable, but you still have a rather new software environment... Cheers Phil Bieber -- Monday is an awful way to spend 1/7th of your life. Atheism is a non-prophet organization. GPG KEY ID (Philipp Bieber): 0x0185E301 FINGERPRINT: CA81 28C2 E63F DAF8 5ED4 DACB 7C26 EE5B 0185 E301 Philipp Bieber - philbieber () gmail com ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Third Party Patch Management Al Cooper (Mar 24)
- Re: Third Party Patch Management Noah . Lance (Mar 25)
- Re: Third Party Patch Management badz (Mar 25)
- Re: Third Party Patch Management fac51 (Mar 25)
- Re: Third Party Patch Management τ∂υƒιφ * (Mar 25)
- <Possible follow-ups>
- Re: Third Party Patch Management chmod1777 (Mar 24)
- Re: Third Party Patch Management Phil Bieber (Mar 25)
- Re: Third Party Patch Management krymson (Mar 25)
- Re: Re: Third Party Patch Management chmod1777 (Mar 26)
- Re: Third Party Patch Management aaaa (Mar 26)
- Re: Third Party Patch Management Phil Bieber (Mar 27)
- Re: Third Party Patch Management krymson (Mar 27)