[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Vulnerability response times -- MS and others
- To: "Full-Disclosure" <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] Vulnerability response times -- MS and others
- From: "Alerta Redsegura" <alerta@xxxxxxxxxxxxx>
- Date: Wed, 7 Apr 2004 18:15:00 -0500
A big issue here that has not been discussed is the time window between the
release of a patch/upgrade and the ability to safely apply it in a live
environment.
Among my customers, many sysadmins just cannot apply the latest patches as
soon as they are available because of possible dependencies with other
vendor's commercial apps.
This is not only true for Windows: in the last year, I have seen several Red
Hat Linux installations where SendMail and OpenSSH patches could not be
applied because of interference with 3rd-party applications run on these
particular boxes.
They had to wait until the third-party software manufacturers released their
own upgrades to install the system's patches.
Of course, A clear advantage *still present* in Linux is that you can do all
the upgrades without rebooting, and even most of the times, without taking
the services down more than 5 or 10 seconds.
Regards,
Iñigo Koch
redsegura.com
bggdh said:
[snip]
>
> Anyways... the report seems to indicate that Microsoft is the fastest
> on solving security issues.
>
> Comments?
>
> --Comparing Windows and Linux Security
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html