[VoiceOps] Broadworks Patch Religion
Dan White
dwhite at olp.net
Mon Feb 8 11:17:59 EST 2010
On 08/02/10 08:02 -0800, David Hiers wrote:
>We can reason all we want to about this, but there is one large area
>of unknowns...
>
>Patch release notes are imperfect, and embarrassing secrets can exist
>inside companies and code; one whisper from a trusted Broadsoft
>employee is enough to nudge me down the "patch everything" (aka "open
>your mouth and close your eyes") maintenance path.
By reading between the lines I can only assume that there are serious bugs
and security vulnerabilities that are not documented, and quietly fixed in
patches.

That's a nasty way to hold patches over your head. There are reasons why
a software producer should *always* document fixed vulnerabilities. It
should be part of the normal release cycle.

I shudder at the thought of depending on a software producer that is OK
with embarrassing secrets existing inside their code.
--
Dan White