Bugtraq mailing list archives

foreseeing (cough) critical problems futile? (was: Oracle, where are the patches???)


From: Michael Shigorin <mike () osdn org ua>
Date: Wed, 3 May 2006 12:52:24 +0300

On Tue, May 02, 2006 at 04:10:27PM +0100, David Litchfield wrote:
> That's what good regular patches allow me to do. The benefits
> are absolutely clear.  There are two major problems that can
> cause these benefits to evaporate into thin air, however.
> 1) Late Patches
> 2) Re-issued Patches

3) Artificially late patches -- those which could be made
available ahead of usual schedule to reduce vulnerability window.

I guess the regular approach is OK for low-to-moderate but guarantees
enough additional headache for critical updates.  After all, it's
only vendor-found ones that can wait, and that's not exactly
"responsible" either since nobody can tell for sure the particular
problem isn't already known out there.

-- 
 ---- WBR, Michael Shigorin <mike () altlinux ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

