Monday, March 31, 2008
Saturday, March 29, 2008
Friday, March 28, 2008
It was more than some attendees could bear."And the Titanic was unsinkable," Mike Poor, a senior security analyst for IntelGuardians shot back. Other attendees complained that security increasingly looked like an afterthought as VMware continued to add new bells and whistles to its Workstation and ESX Server products - many from third party companies."I wonder if those people have learned anything from the infamous "unbreakable" campain from Oracle.
Tuesday, March 25, 2008
Wednesday, March 19, 2008
Thursday, March 13, 2008
Friday, March 7, 2008
Cisco has announced its regular patch cycle, just like Microsoft. There is just a "small" difference between each company's process: Cisco is planning to release patches only twice an year.
What these people need to understand is that vulnerability management is not exactly like change management. Some people believe that long change cycles are a good sign of mature change management. Ok, it may be, but for vulnerabilities the problem is quite different. While you can have a good perception of the probability of a common error has to cause you problems, it's almost impossible to have the same number about a vulnerability. Not only that you can't have this number, it's also not under your control! That makes vulnerability patching a different kind of change, that needs to be released as soon as possible.
I'm curious about the motives behind this 6 months time; is it because the testing process for cisco products is more complex or they are just less competent than the others on producing patches?