The InfoSec Blog

The Cost of patching

Posted by Anton Aylward

I saw this assertion go by and it stood out:

The bigger cost would be the cost of not patching. Such items as downtime will affect more staff/users than patching will.

That's not a fair statement. There is much more to the discussion than whether to patch or not to patch, or "stuff this for a lark, let's convert to Mac or Linux".

The issue so far has been black and white.
There is a black-and-white difference between devices that face the Internet and those that are not accessible to or from the 'Net.

But what about the "grey"? Not all patches have the same criticality, even for 'Net-facing devices.

And there's more to security - even of the Internet-facing devices - than patching software.