More Advisories, More Security
Thierry Carrez, 2005-02-14

More and more, we see articles questioning the security of a given platform based solely on the number of advisories published -- and this approach is simply wrong.

More Advisories, More Security 2005-02-15
Todd Knarr
There's another factor that needs to be considered besides just how fast patches to fix the problem are created, distributed and applied. That's whether a patch is even necessary. For example, there was an OpenSSL vulnerability that, while dangerous, could easily be neutered merely by turning off on...

More Advisories, More Security 2005-02-15
Nyx
The size (and the threat) of the vulnerability window depends on the time that the automated attack tools are developed, too....

More Advisories, More Security 2005-02-16
DuFeu
As a Gentoo user, I can confirm the ease and pleasure of dealing with GSLA driven updates.

As the person charged with maintaining security on all the Windows desktop PCs where I work, I can tell you 1) not all the PCs are up-to-date on their security patches. 2) They won't be all up-to-date for s...

More Complexity, More Insecurity 2005-02-21
Matthew Murphy
There's a terrific point made here about "Time for the vendor to produce a patch", but I think it glosses over one very important aspect of that problem.

In open-source packages, code boundaries are generally pretty tight. The reason that integrating an HTTP Server and a web browser into an OS (...

Copyright 2009, SecurityFocus