[CentOS] security compliance vs. old software versions

Wed Jun 30 20:50:48 UTC 2010
m.roth at 5-cent.us <m.roth at 5-cent.us>

Jim Wildman wrote:
> On Wed, 30 Jun 2010, Frank Cox wrote:
>> What is the point of doing a security scan under conditions that are not
>> actually "live"?
>> It sounds like moving the flammable materials out before a fire
>> inspection, then moving them right back in when the inspector leaves.
>> What is gained?  You're no more secure than you were before the
>> inspection, and you're no longer running what you had running during
>> the inspection.

> For most (large) organizations, security scans have NOTHING to do with
> increasing security, and everything with being able to answer "Yes"
> to a question like "Do you regularly scan for known defects?",
> probably for a VISA type compliance check.
> If you don't already know, you really don't want to know about data
> security in the medical or banking communities.

Heh. Heh. Heh. And don't forget the credit card community. Or the US gov't
(and gov't medical community).