by Jayhawk0123 (8440955) writes:
1- wait... weren't government entities supposed to get first crack at patches?
2- And how in the fuck do you go unpatching a security vulnerability for so long?
(if you say "ohh there aren't any proof of concept out in the wild, so we don't need to worry about it" ... you're an idiot that needs to go back to school... the moment a patch is released, it gets reverse engineered to find out what was being patched... then that gets targeted... this usually happens in under 36 hours... where you go from patch bein
by buck-yar (164658) writes:
Someone a few posts up wrote:
If you believe ANY software can be made 100% secure, YOU should be fired for total incompetence. You find vendors with a proven track record, do thorough risk assessments, patch discovered vulnerabilities, and cross your fingers.
Sounds relevant. If they find a bug, is it like ants, where for every one you see there are a hundred you don't? By patching the instant a patch is released, you've patched that hole. But security is whack-a-mole; the next bug pops up soon (by your own admission). Vulnerabilities everywhere, in every piece of software from every vendor. Kind of seems like the issue is keeping the system online despite it being an insecure idea. Back in the days of the Apollo program, programs were well audite
by Jayhawk0123 (8440955) writes:
It's up to your risk matrix... but I don't see how any risk calculus would allow security patches to sit for this long. And I'm pretty sure it's in violation of the actual rules when it comes to maintaining these systems... fed systems have rules they need to abide by.
I've usually advised deferring major updates by a few weeks so kinks can be worked out, but critical security patches were rolled out ASAP (after a backup was done WITH A TESTED BACKUP/RESTORE procedure) in a gradual rollout. We didn't spend months waiting for security patches, and we grouped systems by mission criticality/exposure/etc... And I think that the backup/restore is usually the ignored bit... and why people are hesitant to run updates too quickly... at these scales, this should have been an automated task, and the more I think about it, the more I feel this was a case of some tech worker not approving the patch for deployment by accident.
Or they deployed, tested, and it broke the systems for some reason... and they couldn't take them offline/further restrict access for another reason... so they were stuck maintaining an unpatched SharePoint deployment vs. rebuilding it from scratch with all the patches.
In the case of the Apollo program, it was reliable... not secure. I'm sure if you went back in time and looked at how the chips operated, how the actual programming language behaved, how the machine code was actually compiled, and how the compiler behaved... you would be able to find loads of vulnerabilities in that chain today; they didn't even think/worry about security. They didn't have to worry about someone remoting into NASA and ransoming the moon lander. They did have to worry about ensuring that the computers were reliable, consistent and accurate... as basic (compared to today) as they were.
On a side note - if you're keen on this stuff... look into the track record of patches introducing additional vulnerabilities in the same vein as what was patched, completely new types of vulnerabilities introduced, or breaking previous patches... that's a fun subject to get into.
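The rollout policy Jayhawk0123 describes (critical security patches ASAP, only after a tested backup/restore, in waves grouped by exposure and mission criticality) is concrete enough to encode. The following is an added example, not code from the commenter or from Slashdot; the host inventory, field names, wave ordering and SLA day counts are all constructed assumptions for illustration.

```python
"""Staged security-patch rollout planner (illustrative; all data constructed).

Encodes the policy from the comment above: critical patches go out as soon as
possible, but only to hosts whose restore procedure has actually been tested,
and in waves ordered by exposure and mission criticality instead of all at once.
Host names, field names, SLA values and the wave rule are assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Host:
    name: str
    exposure: str          # "internet" or "internal" (assumed two-level model)
    criticality: int       # 1 (low) .. 5 (mission critical)
    restore_tested: bool   # a restore has been exercised, not merely a backup taken
    days_unpatched: int    # days since the vendor shipped the fix


# Maximum days a missing patch may sit, keyed by severity. Assumed policy values.
SLA_DAYS = {"critical": 2, "high": 7, "moderate": 30}

# Constructed "today" so the example is deterministic.
TODAY = date(2024, 1, 1)


def wave_for(host: Host) -> int:
    """Internet-facing hosts go before internal ones. Within each exposure class a
    canary wave of lower-criticality hosts goes first, so a patch that breaks
    something (the scenario in the comment) is caught before it reaches the
    mission-critical systems."""
    base = 1 if host.exposure == "internet" else 3
    return base if host.criticality < 4 else base + 1


def plan_rollout(hosts, severity, today):
    """One plan entry per host, in deployment order.

    deploy_by staggers the waves one day apart but never past the SLA.
    A host without a tested restore is marked blocked: the remedy is to test the
    restore first, not to skip the patch. A host already past the SLA is overdue.
    """
    sla = SLA_DAYS[severity]
    plan = []
    for h in sorted(hosts, key=lambda h: (wave_for(h), h.name)):
        wave = wave_for(h)
        plan.append({
            "host": h.name,
            "wave": wave,
            "deploy_by": today + timedelta(days=min(wave - 1, sla)),
            "blocked": None if h.restore_tested else "restore procedure not tested",
            "overdue": h.days_unpatched > sla,
        })
    return plan


def blocked_hosts(plan):
    return [e["host"] for e in plan if e["blocked"]]


def overdue_hosts(plan):
    return [e["host"] for e in plan if e["overdue"]]


# Constructed inventory: four hosts of a hypothetical SharePoint farm.
INVENTORY = [
    Host("sp-web-01", "internet", 5, True, 1),
    Host("sp-web-02", "internet", 2, True, 1),
    Host("sp-app-01", "internal", 5, False, 1),
    Host("sp-dev-01", "internal", 1, True, 45),
]

if __name__ == "__main__":
    for entry in plan_rollout(INVENTORY, "critical", TODAY):
        flags = []
        if entry["blocked"]:
            flags.append("BLOCKED: " + entry["blocked"])
        if entry["overdue"]:
            flags.append("OVERDUE")
        print(f"wave {entry['wave']}  {entry['host']:<10} by {entry['deploy_by']}  {' '.join(flags)}")
```

Running it lists the hosts in wave order with a deploy-by date per host; the internal mission-critical host is reported as blocked until its restore has been exercised, and the dev box that has sat 45 days past a two-day SLA is flagged overdue, which is the kind of condition an automated check at scale should raise long before anyone is months behind.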
Copyright © 2026 Slashdot Media. All Rights Reserved.