[c-nsp] Prepare for router Wednesday
Gert Doering
gert at greenie.muc.de
Wed Mar 12 03:30:21 EDT 2008
Hi,
On Tue, Mar 11, 2008 at 09:43:30PM -0500, Frank Bulk - iNAME wrote:
> By not making the update available until the 6 month mark has been met,
> service providers are not able to choose their own update cycle. Rather, by
> restricting the updates to every 6 months, Cisco has reduced the update
> cycle to, at most, once every 6 months. So this reduces flexibility for the
> customer, but benefits Cisco by reducing the number of test cycles and
> updates they need to post, i.e. cost savings for them.
This has been already answered, so stop ranting.
Cisco will fix the bugs as soon as they are discovered, and make new images
available. As usual.
What they are *not* doing is "post security advisories every few weeks
for things that are not (yet) known out in the wild". Because when they
do that, people *will* go out trying to find the exploit, and then everybody
has to scramble to upgrade, multiple times a year.
Personally, I think there is no way besides "do not code security holes"
to make everybody happy - and I'm fine with the proposed schema. Provided
the mechanism "knowledge appears in the wild -> immediate release" works.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20080312/3041f404/attachment.bin
More information about the cisco-nsp
mailing list