On 12/2/20 5:37 AM, Peter Gutmann wrote:
If a device can be at all critical (and even if it isn’t), then it should be upgraded or replaced.
The fact that many of these devices are extremely critical is precisely why they're never replaced or upgraded, because they can't be taken out of production.
+1
Another problem is that "upgrades" often don't function identically to the firmware or equipment they would be replacing, making replacement inherently disruptive even if it didn't require a shutdown.
Under current conditions, relying on upgrades to fix security
issues in industrial environments is a nonstarter. There's a
tremendous amount of inertia to overcome at many different levels.
Keith
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call