On Feb 23, 2011, at 10:23 PM, John R Pierce pierce@hogranch.com wrote:

> On 02/23/11 6:08 PM, Machin, Greg wrote:
>> Hi.
>> I have had an enquiry from the Network and Security guy. He wants to know why CentOS 5.5 / RHEL 5 is using a very old version of bind “bind-chroot-9.3.6-4.P1.el5_5.3” when the latest release that has many security fixes is on 9.7.3. I understand that it's to maintain a known stable platform by not introducing new elements etc. Is there an official explanation / document that I can direct him to?
>
> To put it bluntly, your security guy is pretty much worthless as such if he thinks security is audited by checking version numbers.
> Sadly, this is too common.

Let's face it, most auditors these days are just accountants with Infosys Mgmt textbooks.
The ridiculously high levels of regulation have created a demand for auditors that can no longer be filled by competent IT skilled auditors.
Oh well, these are the days.
-Ross