[Dshield] Heterogenous patch management

Kenton Smith ksmith at chartwelltechnology.com
Thu Sep 25 21:22:56 GMT 2003


On Thu, 2003-09-25 at 14:01, Kenneth Porter wrote:

> So are you saying you want a single patch system that manages patches from
> many  vendors?

That's exactly what I'm saying. Why? Because if complexity breeds insecurity, as is
one of the main premises of this paper, then by moving away from a
homogenous system I'm creating complexity. If I have to use 3 different
vendors' patch management systems to patch for the same vulnerability,
am I not making it more complex? The only way to simplify it again is if
I can manage it all from a single point.

> I can't imagine Sun not having some kind of automated patch system like RHN
> and Windows Update, *for Sun systems*. Commercial distros of BSD are likely to
> implement one to compete.

I'm sure they do, but that's not the point.





More information about the list mailing list