John Pescatore

A member of the Gartner Blog Network

VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems…


That Was One Whopper of a Vulnerability Tuesday

by John Pescatore  |  October 14, 2009

Not only did Microsoft come out with a huge list of critical vulnerabilities yesterday (including a critical Windows 7 patch), but Adobe joined in with a whopper list of their own – 29 individual CVE numbers. Many of the Adobe vulnerabilities have had active exploits out already, so patch pushing is high priority. If your patch pushers work on commission, big checks going out this month…

To their credit, Microsoft has a very strong process in place for warning about coming patches, providing detailed information on the vulnerabilities and the risks and so on. Announcing 34 flaws in your products is generally not thought of as an exciting opportunity for a corporate press release, but long ago Microsoft did the right thing and really does make sure everyone is aware that it is Vulnerability Tuesday.

Adobe (like many other software vendors) is not quite there yet. They are getting better at making information available, but are still in pull mode – if you look, you will find it. Time for that to change – patches are really just product safety recall events. When Maytag realized that some relay in my refrigerator was a fire hazard, they publicized it and reached out to contact everyone who might have a vulnerable product; they didn’t just place information on their website.

Now, Maytag actually paid for a real live human being to come to my house to fix the flaw. The software industry has largely fought off the warranty-type clauses that would force that type of behavior, but consumers are spending almost as much on their PCs as they do on their refrigerators…
