security rant

Ah, to be able to rant so well…

mjr argues security concepts on the firewall-wizards mailing list.

Join me in challenging the preconceptions of an industry that has grown up around “if you can’t do something RIGHT do something STUPID, HARDER!”

That’s what we’re talking about, here, with all the focus on patch management:

  • Rather than run a good O/S: run a bad one and MANAGE it BETTER
  • Rather than understand your connectivity: leave it OPEN and FIDDLE WITH your endpoints CONSTANTLY
  • Rather than run good code: run bad code and UPGRADE IT DAILY

Yes, the vendors (antivirus / security / firewall / software / hardware) seem to have no problem with it, eh?