2002-04-15
Don't blame Microsoft. They gave you the patch; it's your responsibility to use it.
The Buck Stops Where?
2002-04-15
Nighthawk (3 replies)
The Buck Stops Where?
2002-04-15
MG (1 replies)
The Buck Stops Where?
2002-04-16
Anonymous (1 replies)

That depends on who's asking the question. For the customers of the company that Tim's friend works for, the buck does indeed stop at that company... and perhaps that company's Network Admins. However, for those Network Admins, the buck does indeed stop at Microsoft.
If a mechanic breaks my car because of a faulty tool... I'm not going to care why my car got broken... as far as I'm concerned the mechanic is ultimately responsible for the botched end result. However, the car mechanic has every right to call the company which produced the faulty tool out on the carpet for shoddy workmanship. Just like Network Admins have every right to grill Microsoft for shoddy workmanship.
As usual you let Microsoft off the hook too easily, Tim. Your friend's Network Admins didn't design a product with security holes in it... your favorite software company did that... and to shrug it off with a blasé "it happens" is a lame excuse.
As far as telling your friend to kick his network admins in the pants and apply the patch... you're dead wrong. Microsoft has a fairly poor track record of producing patches that do more harm than the original vulnerabilities they are intended to redress.
As a network admin, you have (with Microsoft at least) to play a fairly delicate balancing game between assessing the threat of a vulnerability and the possibility of a patch blowing up your server. A secure server isn't going to do you much good if it's also a non-functioning server. Generally you want to allow enough time for any major obvious problems with a patch to be discovered and corrected.
I NEVER install an MS patch within 24 hours of its release and I will NEVER allow automatic updates of MS software.
However, Tim is correct that this is a pretty severe vulnerability and I did have it applied to our externally exposed servers within 48 hours of release. However, there are some internal servers that won't see this patch until SP3.
Mel
Link to this comment: http://www.securityfocus.com/comments/columns/74/11937#11937