Having maintained such systems, I can say that some vendors are very good about testing their products with patches and will advise and assist when critical patches are released.

Other (read: most) vendors are g-dawful, however. The software barely functions on an outdated version of the operating system and often is not compatible with the latest service packs.

That said, many utilities don't even have real IT people maintaining the systems. They were probably set up by and are maintained by mechanics or electricians or engineers with no more knowledge of computer systems than most other people.

I know of one case where the maintenance staff ran their own ethernet, set up their network for their energy system without the It department having the faintest idea it was set up.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/6767/21740#21740