[CentOS] security compliance vs. old software versions

Jim Wildman jim at rossberry.com
Wed Jun 30 20:38:41 UTC 2010


For most (large) organizations, security scans have NOTHING to do with
increasing security, and everything with being able to answer "Yes"
to a question like "Do you regularly scan for known defects?",
probably for a VISA type compliance check.

If you don't already know, you really don't want to know about data
security in the medical or banking communities.


On Wed, 30 Jun 2010, Frank Cox wrote:

>
> What is the point of doing a security scan under conditions that are not
> actually "live"?
>
> It sounds like moving the flammable materials out before a fire
> inspection, then moving them right back in when the inspector leaves.
>
> What is gained?  You're no more secure than you were before the
> inspection, and you're no longer running what you had running during
> the inspection.
>

----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE       jim at rossberry.com http://www.rossberry.com
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine


