nCircle.com >> 360 Security

Patch and Pray

The first talk that I saw today was Adam Shostack's talk about patch management. His basic messages were somewhat common sense:

- Patch unreliability presents a significant amount of risk.
- Patching too quickly or without considering that risk is insane.
- Consider the cost of capital and business risk before applying patches willy-nilly.

You know, while that seems pretty obvious, it's probably very much like a quote that I heard from Stephen Covey yesterday: "Common sense is most often not common practice."

All in all, a decent message, especially for the audience here.

TrackBack

Listed below are links to weblogs that reference Patch and Pray:

» Well, Hello Nurse! from Emergent Chaos
The fine folks over at NCircle seem to have been given a directive from on high: Let there be blogs! And there were. And ncircle saw, and they were good. And someone said, let the bloggers be prolific, and...

» Same old song and dance from Thinking WiKID Thoughts
Here's the summary: A lonely teenager looking for bragging rights takes advantage of unpatched, vulnerable versions of SSH to plant a trojan horse to steal usernames and passwords, escalates his privileges and gains access to valuable information. Ewe...

About

This page contains a single entry from the blog posted on May 9, 2005 11:47 AM.
