Patching The Cloud?

A sobering thought.

So, in a corner case example, what does a boundary condition like the out-of-cycle patch release of MS08-067 mean when your infrastructure and applications are no longer yours to manage and the ownership of the “stack” disintermediates you from being able to control how, when or even if vulnerability remediation anywhere in the stack (from the network on up to the app) is assessed, tested or deployed?

(Via Rational Survivability-Patching The Cloud?.)

2 responses on “Patching The Cloud?”

  1. John,
    In most cases the IT folks are not the ones making the final decision. IT security will often warn the business that certain critical systems are exposed. Either IT communicates poorly or the business thinks a strongly worded contract is “risk mitigation”.

  2. As an old old mainframe guy, I am positive that most platforms have enough “junk” installed on them so that NO ONE can have what we in the old days would call “system assurance”. Say what one wants about the old centralized computing systems, they had change control. Until IBM started to NOT share its microcode and source code with its Customers, anyone could sit down with a module and examine what was in fact running with what was supposed to be running. Often when there was an “opportunity”, the first thing that folks did was conduct a “witch hunt” for what was wrong. Today, that is impossible and unheard of.

    What’s even more amusing to us “old hands” is the Linux movement and the Web-i-fication of applications. Funny how the world of “distributed computing” is swinging back to “centralization” with Web Operating Systems and Web Applications.

    The Linux distributions are putting the end users back in control of the Operating System source code.

    The Web applications are making “system assurance” impossible.

    A virus writer no longer has the luxury of the Microsoft mono-culture. Find an operating system hole and exploit it everywhere. And, the Microsoft death grip on applications (i.e., word processing) is being exploded by Google Docs, Zoho, and their ilk. As well as competed with by Open Office.

    Anyone who feels confident that they, and their data, are not literally walking a high-wire tight rope across Niagara Falls on a windy day … Well, they are at best naive and at worst foolish.
