One cannot patch to a secure system.
The rate of published "fixes" suggests that there is a reservoir of known and unknown vulnerabilities in these popular products (e.g., operating systems, browsers, readers, content managers). No matter how religiously one patches, the products are never whole.
They present an attack surface much larger than the applications for which they are used and cannot be relied upon to resist those attacks. However, in part because they are standard across enterprises and applications, they are a favored target.
They should not be exposed to the public networks. Hiding them behind firewalls and end-to-end application layer encryption moves from "good" practice to "essential."
Patching may be mandatory but it is expensive, a cost of using the product.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment