On Wed, 22 Sep 2004 12:52:54 EDT, Jon Lewis said:
Older versions of SA, especially with custom DNSBL rules, may have had this issue (applying DUL type DNSBL rules to IPs in every Received: header:) but thats been fixed for some time.
In many cases, "fixed" != "deployed", unfortunately. And that adoption curve has got a LONG tail at the far end going to infinity, because some sites will never upgrade. Has anybody done a comparison for different instances of this same problem (for instance, rate of fixing of 69/8 filters, open SMTP relays, installing a Microsoft 'critical' software fix, patching bind/ssh/apache/whatever after a vulnerability is found), to see if the underlying curve has similar characteristics? I'm familiar with Eric Rescorla's "Security Holes - Who cares?" paper (http://www.rtfm.com/Upgrade-usenix.pdf) and Beattie, Arnold, Cowan, Wagle, and Wright's "Timing the Application of Security Patches for Optimal Uptime" from LISA XVI - any other cites, especially for those that succeed in mathematically modelling it in the real world well enough to make predictions from?