> I use Linux, OpenBSD and Windows in my enterprise. Linux and OpenBSD use
> the "1 patch for 1 vulnerability" rule. Seems to me that MS is bunching
> their patches together in order to make it seem on the surface that Windows
> has fewer patches than other OSes, therefore it is more secure. CIOs, take
> note.
Yeah, this is pretty disgusting. Seemingly harmless in application, but when you consider that features often creep into patches in M$ software, it makes it extremely difficult to test a single mega-patch like this on a few thousand systems with different configurations and custom software installations. I can tell you first hand that dealing with them in bunches severely slows the patch release process in enterprise environments. And I don't buy "it's easier if it is all together". If your patch management system doesn't suck, any number of separate patches can be applied just as easily as a subset of them.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
