On Tue, 08 Nov 2011 09:21:37 +0100, Stephane Bortzmeyer said:
> I disagree. The official bug statement from Juniper in August was
> trying very hard to downplay the importance of the bug ("Given the
> complexity of conditions required to trigger this issue, the
> probability of exploiting this defect is extremely low"). No wonder so
> few people (and not only at Level-3) did not upgrade.August (and if that's when the *fix* came out, the bug is even older). September. October. November. So maybe the probability *is* low. And if JunOS is anything like CIsco IOS, a lot of shops didn't upgrade because the newer release has *other* issues in their environments. Nobody wants to upgrade to fix a once-ever-few-months bug if it also buys them a daily crash in something else.
pgpLqqJ7QsVdF.pgp
Description: PGP signature
