Secure Coding mailing list archives
RE: Computerworld op/ed on vulnerability patch cycle
From: "Alexander Antonov" <aantonov () cigital com>
Date: Wed, 14 Apr 2004 15:53:20 +0100
Ken, I believe the issue of automatic updates was already discussed on other security-related lists. There are two main problems: - everybody who has subscribed is at a complete mercy of the software manufacturer, if a new bug is introduced in a new release, then everybody becomes vulnerable before getting a chance to test and approve it themselves - this automatic delivery mechanism becomes a single point of failure: if it is hacked, then everybody is hmm... not secure :-) Alexander Antonov http://www.cigital.com
FYI, I just saw an opinion piece on Computerworld written by Bill Addington called "Slow down the security patch cycle". (See http://www.computerworld.com/printthis/2004/0,4814,92037,00.ht ml for full story.) In the article, the author discusses some possible solutions for improving the distribution of vulnerability and patch information.
---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ----------------------------------------------------------------------------
Current thread:
- Computerworld op/ed on vulnerability patch cycle Kenneth R. van Wyk (Apr 13)
- <Possible follow-ups>
- RE: Computerworld op/ed on vulnerability patch cycle Alexander Antonov (Apr 14)
- Re: Computerworld op/ed on vulnerability patch cycle Kenneth R. van Wyk (Apr 14)