[ale] IBM is buying Redhat!
Simba
simbalion-ale at tailpuff.net
Mon Oct 29 11:15:38 EDT 2018
Irrelevant. Every day that a vulnerable system remains unpatched is a
day that system could be compromised.
You can't go on for hours about how DoD demands rigorous standards, then
tell me that they're incapable of patching in a reasonable timeframe,
and call that competence.
I would fire everyone for not reaching that conclusion on their own, and
I would re-write the rules to prioritize technology security.
Simba Lion - https://tailpuff.net
https://keybase.io/simbalion
"Why is a raven like a writing desk?"
On 10/29/18 11:06 AM, Solomon Peachy wrote:
> On Mon, Oct 29, 2018 at 10:33:30AM -0400, Simba via Ale wrote:
>> 30 days is being generous. Most simple patches could be tested and
>> rolled out in 48 hours in a well run environment. 30 days IS for the
>> complicated ones.
>
> 30 days doesn't even scratch the surface for safety-critical
> applications, even if no bespoke hardware is involved.
>
> For example, the testing regimen of the last DoD project I worked on
> included simulated EMP bursts as well as the usual environmental
> hazards. Those tests took days to run.. after the several weeks it took
> to get lab time scheduled.
>
> - Solomon
>
More information about the Ale
mailing list