Re: what percent of time are there unpatched exploits against default config?

On 12/28/2011 01:44 AM, Bennett Haselton wrote:
> On Tue, Dec 27, 2011 at 10:08 PM, Ken godee <ken@xxxxxxxxxxxxxxxxx> wrote:
> 
>>> password"?  That's what I'm talking about -- how often does this sort of
>>> thing happen, where you need to be subscribed to a security mailing list
>>> in order to know what workaround to make to stay safe, as opposed to simply
>>> running yum-updatesd to install latest patches automatically.
>>
>> Happens all the time!
> 
> 
> Really?  An exploit is released in the wild, and there's a lag of several
> days before a patch is available through updates -- "all the time"?  How
> often?  Every week?
> 
> Since Gilbert and "supergiantpotato" seemed to be saying the opposite (that
> unpatched OS- and web-server-level exploits were pretty rare), what data
> were you relying on when you said that it "happens all the time"?
> 
> 
>> Count on it! If running any server available to
>> the public there is no "set and forget"; if you're responsible for that
>> server you best stay informed/subscribed and ready to take action, be it
>> a workaround, update or whatever.

This website deals specifically with RHEL and security metrics:

http://www.awe.com/mark/blog/tags/metrics

CentOS will usually release security updates within 24 hours of upstream
during normal security updates and within 2 weeks on a "Point Release"
(a point release is a move from 5.6 to 5.7 or 6.1 to 6.2, etc.).

If you need faster updates than CentOS can provide, then RHEL is the
logical alternative.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
