On Jan 9, 2019, at 10:51, Saku Ytti <saku@ytti.fi> wrote:
On Wed, 9 Jan 2019 at 20:45, Töma Gavrichenkov <ximaera@gmail.com> wrote:
Nope, this is a misunderstanding. One has to *check* for advisories at least once or twice a week and only update (and reboot is necessary) if there *is* a vulnerability.
I think this contains some assumptions
1. discovering security issues in network devices is expensive (and thus only those you glean from vendor notices realistically exist)
Not really… I think the assumption here is that you can’t resolve an issue until the vendor publishes the fix. Outside of the open-source routing solutions (and even for most deployments, including those), I would say this is a valid assertion. (It’s more of an assertion than an assumption, IMHO).
2. downside of being affected by network device security issue is expensive
This depends on the issue, right?

Owen