Re: security compliance vs. old software versions




Jim Wildman wrote:
> On Wed, 30 Jun 2010, Frank Cox wrote:
<snip>
>> What is the point of doing a security scan under conditions that are not
>> actually "live"?
>>
>> It sounds like moving the flammable materials out before a fire
>> inspection, then moving them right back in when the inspector leaves.
>>
>> What is gained?  You're no more secure than you were before the
>> inspection, and you're no longer running what you had running during
>> the inspection.

> For most (large) organizations, security scans have NOTHING to do with
> increasing security, and everything with being able to answer "Yes"
> to a question like "Do you regularly scan for known defects?",
> probably for a VISA type compliance check.
>
> If you don't already know, you really don't want to know about data
> security in the medical or banking communities.

Heh. Heh. Heh. And don't forget the credit card community. Or the US gov't
(and gov't medical community).

       mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

