[VoiceOps] Broadworks Patch Religion

Dan White dwhite at olp.net
Mon Feb 8 11:17:59 EST 2010


On 08/02/10 08:02 -0800, David Hiers wrote:
>We can reason all we want to about this, but there is one large area
>of unknowns...
>
>Patch release notes are imperfect, and embarrassing secrets can exist
>inside companies and code; one whisper from a trusted Broadsoft
>employee is enough to nudge me down the  "patch everything" (aka "open
>your mouth and close your eyes") maintenance path.

By reading between the lines I can only assume that there are serious bugs
and security vulnerabilities that are not documented, and quietly fixed in
patches.

That's a nasty way to hold patches over your head. There are reasons why
a software producer should *always* document fixed vulnerabilities. It
should be part of the normal release cycle.

I shudder at the thought of depending on a software producer that is OK
with embarrassing secrets existing inside their code.

-- 
Dan White


More information about the VoiceOps mailing list