Re: security compliance vs. old software versions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

For most (large) organizations, security scans have NOTHING to do with
increasing security, and everything with being able to answer "Yes"
to a question like "Do you regularly scan for known defects?",
probably for a VISA type compliance check.

If you don't already know, you really don't want to know about data
security in the medical or banking communities.


On Wed, 30 Jun 2010, Frank Cox wrote:

>
> What is the point of doing a security scan under conditions that are not
> actually "live"?
>
> It sounds like moving the flammable materials out before a fire
> inspection, then moving them right back in when the inspector leaves.
>
> What is gained?  You're no more secure than you were before the
> inspection, and and you're no longer running what you had running during
> the inspection.
>

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim@xxxxxxxxxxxxx http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux