Re: what percent of time are there unpatched exploits against default config?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tuesday, December 27, 2011 10:13:12 PM Bennett Haselton wrote:
> Roughly what percent of the time is there such an unpatched exploit in the
> wild, so that the machine can be hacked by someone keeping up with the
> exploits?  

While I did reply elsewhere in the thread, I want to address this specifically.

I can give you a percentage number very easily.  The answer is 100%.  There is always an unpatched exploit in the wild; just because it's not been found by the upstream vendor (and by extension the CentOS project) doesn't mean it's not being used in the wild.  I would hazard to say the risk from an unknown, but used, exploit is far greater than the 'window of opportunity' exploits you seem to be targeting.

I would also hazard to say that it would be similar in risk to 'window of opportunity' exploit timing in the Windows world; not because the OS's are similar in terms of security but because 'window of opportunity' exploit timing is the same regardless of the general security of the OS.  And I think studies of 'window of opportunity' exploits have been done and are publicly available.

I say this after having performing a risk assessment of our infrastructure myself, incidentally. It's not a matter of 'if' you will be hacked, but 'when,' and this is being acknowledged in high-level security circles.

So you plan your high-availability solution accordingly, and plan for outages due to security issues just like you'd plan for network or power outages.  This is becoming standard operating procedure in many places.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux