oss-security - Re: Open Source Tool | vPrioritization

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <20200907165101.38058373@jabberwock.cb.piermont.com>
Date: Mon, 7 Sep 2020 16:51:01 -0400
From: "Perry E. Metzger" <perry@...rmont.com>
To: Pramod Rana <varchashva@...il.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Open Source Tool | vPrioritization | Risk
 Prioritization Framework

On Sun, 6 Sep 2020 13:18:34 +0530 Pramod Rana <varchashva@...il.com>
wrote:
> Appreciate your comments.
> 
> My two cents - Patch everything is far from reality to most (read
> all) organizations

"All" is clearly false; I know many organizations that patch
all their hardware fast, and a few that do it essentially within
hours (unless CI tests for the patched infra fail). I don't have good
statistics, but the existence of some organizations of significant
size capable of patching everything leads me to believe the obstacle
isn't whether it's possible.

Perry
-- 
Perry E. Metzger		perry@...rmont.com

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.