[Full-disclosure] Re: what we REALLY learned from WMF
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
sbradcpa at pacbell.net
Fri Jan 6 00:33:27 GMT 2006
As I'm not a coder.. I don't have the technical information to answer
that one authoritatively. The WMF issue has taught me ...if you aren't
an authority on the issue....shut up! :-)
Gadi Evron wrote:
> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
>> It's easy for us on this side to Monday morning quarterback and say
>> "oh make it so". There are times too that I go...okay ...come on
>> ...how many days has it taken for that to get fixed? But then again,
>> I don't write code, I don't track back dependencies, I don't ensure
>> umpteen languages still work and all the other interconnectivity
>> between programs and code still function.
>> It's easy to say this stuff on this side.... but understand that the
>> mere release of a beta patch puts in jeopardy all of the consumer
>> home machines and small businesses that have no admin to protect them
>> and take mitigation measures.
>> What "I" really learned from this is to decide my "OWN" risk
>> tolerance and stop listening to all the sites and blogs and news
>> reports and what not that spread a lot of FUD and misinformation and
>> used this many times as a PR vehicle. Only I know what risk I will
>> tolerate. That's what I learned from this.
> And only you can decide your own risk vs. gain.
> Question is though, as I agree with you about BETA patches (although
> you don't have to use them), is if RELEASE patches can be released a
> lot faster?
> This is what this case taught me.
Letting your vendors set your risk analysis these days?
Full-Disclosure is hosted and sponsored by Secunia.