>From my perspective, developing a patch and applying a patch are two different life cycles. I'm no developer, but I know what it takes to properly test and roll-out patches within my (current and previous) organization(s).
I don't pretend to believe that all patches are the same, but this PnP patch is one of the less difficult to deal with in terms of a roll-out. I truly believe this recent worm could have been avoided if MS05-039 was taken more seriously. I cannot say as to why MS hasn't addressed any other outstanding issues. While it's a valid concern of mine as well, it really doesn't relate to the discussion regarding the MS05-039 fiasco. On 8/17/05, Geo. <[EMAIL PROTECTED]> wrote: > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Micheal > Espinola Jr > > > >>Regardless of "a LOT of Windows 2000 out there...", these companies > weren't bitten the same day the initial exploit was released. 6 days > is plenty of time to have tested compatibility and to distribute the > patch.<< > > How can you allow a vendor to take 6 months to a year to release a patch and > then say 6 days is plenty of time to test and patch? > > You know, I was sure when MS announced there would be 6 patches for august > that one of them would be one of these > http://www.eeye.com/html/research/upcoming/index.html but I guess not... 141 > days and counting, and it will get released when MS hears that someone has > written and released an exploit for it, then of course all of us have 6 days > to live.. > > Geo. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- ME2 <http://www.santeriasys.net/> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
