AW: [Full-Disclosure] no more public exploits
Cael Abal
lists2 at onryou.com
Wed Apr 28 04:10:14 BST 2004
Baum, Stefan wrote:
> IMHO, no sysadmin taking his work seriously will wait to patch the systems
> until an exploit is available throughout the internet.
>
> Stefan
> (I AM A SYSADMIN)
Cripes, this is the thread that never ends.
What if there were two patches fixing vulnerabilities of equal severity,
one with a known, published exploit and one without? Would you give one
priority (considering that rolling out a patch involves significant
testing)? You do perform regression testing, right?
What if you were juggling a slew of very high priority tasks and a patch
was made available? Would you drop everything (including those mission
critical jobs your boss' boss asked you to handle by day's end) in order
to push that patch out the door immediately?
Part of being a good sysadmin (really, being a good /anything/) involves
being able to perform on-the-fly cost/benefit analyses. Realistically,
the lack of a widespread published exploit means an attack on any given
machine is less likely. An admin who chooses to ignore these
probabilities isn't looking at their job with the right perspective.
Take care,
Cael
Full-Disclosure is hosted and sponsored by Secunia.