Saturday, March 29, 2008
Why Bex Huff is wrong about security...
I figured I would throw daggers at Bex Huff and his recent posting...
best practices practical considerations around writing software to make patching easier. Do you think others in the blogosphere would be willing to dedicate a couple of blog postings to help figure this out?
- I was shocked to discover that fewer than 20% of Oracle customers admit to applying the rolling security patches that Oracle releases... yikes
- CERT often says that 99% of security breaches are due to users not applying patches. In other words, 80% of Oracle customers choose to make themselves vulnerable to 99% of the attacks.
- I'd argue most security problems are due to improperly configured and improperly maintained software.
- If you want secure applications, first demand software that is effortless to patch and maintain.