Security Holes Aren't Being Filled

from the of-course-not dept

There's a new study out claiming that many sysadmins don't do a very good job of patching security holes. The study and its conclusions seem a bit flawed, however. First, the "study" is based on one single flaw that one security consultant decided to follow. He did a Google search to pick servers that had that flaw (he apparently found out about the flaw right before it went public), then kept testing those servers over time to see who fixed it. Since it's only one instance, it's not clear how conclusive this study is. The conclusions seem a bit off-base as well. The guy says he thinks the sysadmins who didn't patch the hole are clearly lazy. However, with the incredible number of security hole announcements that come out every single day, I think it's more of a "crying wolf" situation. There are only so many security holes that sysadmins are going to respond to, and after a while they don't see the threats as being that strong compared to the actual effort of patching.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
–The Techdirt Team


Reader Comments


  1. Dr_Stein, 19 Nov 2002 @ 4:57pm

    don't forget...

    A lot of sysadmins are forbidden from installing any software on machines unless management signs off on it, or the software has undergone some sort of QA/qualification process.

    Might not be lazy people.. *shrug*


  2. ctrlz, 19 Nov 2002 @ 11:32pm

    Re: don't forget...

    There are even more reasons:
    1. There is always a chance that patches will break something...
    2. Many software products are supported only on certain patch levels, i.e. Service Pack 3 for Windows NT. If an admin installs a newer service pack, he is on his own.
    3. Patches still (mostly) cannot be installed without downtime. By installing patches, an admin has no chance of reaching 99% uptime on unclustered servers. At the same time: *ADMIN, YOU DO NOT UNDERSTAND, BUSINESS SIDE NEEDS IT*


  3. MLO, 20 Nov 2002 @ 5:22am

    Re: don't forget...

    Also, let's not forget that a lot of companies require patches and fixes to be thoroughly tested in a test lab before being rolled out. What with the pared-down staff of some organizations and the increasing number of patches being rolled out, I don't think it's a question of laziness.


