[CentOS] security compliance vs. old software versions

m.roth at 5-cent.us
Wed Jun 30 20:50:48 UTC 2010


Jim Wildman wrote:
> On Wed, 30 Jun 2010, Frank Cox wrote:
<snip>
>> What is the point of doing a security scan under conditions that are not
>> actually "live"?
>>
>> It sounds like moving the flammable materials out before a fire
>> inspection, then moving them right back in when the inspector leaves.
>>
>> What is gained?  You're no more secure than you were before the
>> inspection, and you're no longer running what you had running during
>> the inspection.

> For most (large) organizations, security scans have NOTHING to do with
> increasing security, and everything with being able to answer "Yes"
> to a question like "Do you regularly scan for known defects?",
> probably for a VISA type compliance check.
>
> If you don't already know, you really don't want to know about data
> security in the medical or banking communities.

Heh. Heh. Heh. And don't forget the credit card community. Or the US gov't
(and gov't medical community).

       mark



