[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: [Full-Disclosure] no more public exploits

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: AW: [Full-Disclosure] no more public exploits
From: Cael Abal <lists2@xxxxxxxxxx>
Date: Tue, 27 Apr 2004 23:10:14 -0400

Baum, Stefan wrote:

IMHO, no sysadmin taking his work seriously, will wait patching the systems
until an exploit is available throughout the internet.

Stefan
(I AM A SYSADMIN)

Cripes, this is the thread that never ends.

What if there were two patches fixing vulnerabilities of equal severity, one with a known, published exploit and one without? Would you give one priority (considering that rolling out a patch involves significant testing)? You do perform regression testing, right?

What if you were juggling a slew of very high priority tasks and a patch was made available? Would you drop everything (including those mission critical jobs your boss' boss asked you to handle by days end) in order to push that patch out the door immediately?

Part of being a good sysadmin (really, being a good /anything/) involves being able to perform on-the-fly cost/benefit analyses. Realistically, the lack of a widespread published exploit means an attack on any given machine is less likely. An admin who chooses to ignore these probabilities isn't looking at their job with the right perspective.

Take care,

Cael

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- AW: [Full-Disclosure] no more public exploits
  - From: Baum, Stefan

Prev by Date: Re: [Full-Disclosure] no more public exploits and general PoC gui de lines
Next by Date: RE: [Full-Disclosure] LSASS exploit win32 binary
Previous by thread: Re: AW: [Full-Disclosure] no more public exploits
Next by thread: Re: AW: [Full-Disclosure] no more public exploits
Index(es):
- Date
- Thread