Note: I changed the subject to more accurately reflect the discussion.
So, it's not true, except it depends? Then it is true.
This is foolish thinking. Do you really think that, when a patch comes out, *then* the hackers start working on exploits? The exploits were being used *long* before the patch comes out. The only thing a patch gets you is protection against *future* hack attempts against *that* weakness.
This is demonstrably not true - it depends who finds the problem.
Not *every* exploit comes out after a patch is released, but it's a fact that *some* exploits are in use long before a "researcher" reports them to a vendor and/or a patch comes out.
To think otherwise is foolish, as I said. If one isn't paranoid, one probably doesn't belong in the security field. If you're sitting back thinking you're safe because you're patched and you patch quickly, then you're unalert and exposed.
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
