|
Guard against this OpenSSL vulnerability |
|
|
|
Source: TechRepublic - Posted by Benjamin D. Thomas
|
The overwhelming number of open source Web sites and the widespread use of OpenSSL to secure connections create a tremendous problem when vulnerabilities emerge. Case in point: In October 2005, the OpenSSL.org Project released a patch to fix a vulnerability in all previously released versions of OpenSSL. Get the details about this vulnerability, and get Mike Mullins' take on the overall challenges of patch management.
While the issue of a newly discovered vulnerability that affects a large percentage of the computers running on the Internet has become quite common, the problem goes much deeper. One of the most persistent problems with software is patch management—and the larger the enterprise, the larger the problem.
Microsoft has taken steps to address this issue with Automatic Updates service. In my opinion, the software company has done a good job of notifying users of available patches and updates.
On the other hand, the open source community continues to struggle with developing an integrated patch management solution. Most administrators have little time to check for patches or read vulnerability notices—if they've even signed up to receive them. That's why it's essential to know exactly what you've deployed on your systems and to check regularly for updates for that software.
Read this full article at TechRepublic
I agree ... but I also believe it is the Administrator's responsibility to review which patches have been released before selecting a distribution. Some keep up to date more than others. Keeping that in mind, automated patch distribution systems (i.e. GDSN) can save a lot of time and effort. |
