Security Basics mailing list archives

Re: Third Party Patch Management


From: Phil Bieber <philbieber () gmail com>
Date: Fri, 27 Mar 2009 08:17:51 +0100

On Thu, Mar 26, 2009 at 05:08,  <aaaa () bbbb com> wrote:
<--snip-->
krymson personally I think your suggestion to not bother patching apps for the life of the hardware is not good.  If 
you keep track of software vulnerabilities that are reported and patched you'd have seen that too many of the 
vulnerabilities are so severe that not patching them for 3 years would be a very bad idea.
<--snip-->

Hi!
I have to agree that it is probably not good to not worry about
patching for the lifetime of hardware. Especially when I look at my
workplace, where there are many desktops that are significantly older
than three or five years.
Another way to do it is to install all major releases (for example
just install Acrobat Reader 9, don't bother with 9.1). But be aware!
Your users are still vulnerable, but you still have a rather new
software environment...

Cheers

Phil Bieber
--
Monday is an awful way to spend 1/7th of your life.

Atheism is a non-prophet organization.

GPG KEY ID (Philipp Bieber): 0x0185E301
FINGERPRINT: CA81 28C2 E63F DAF8 5ED4 DACB 7C26 EE5B 0185 E301
Philipp Bieber - philbieber () gmail com
