[CentOS] what percent of time are there unpatched exploits against default config?

Fri Dec 30 15:24:17 UTC 2011
Lamar Owen <lowen at pari.edu>

On Tuesday, December 27, 2011 10:13:12 PM Bennett Haselton wrote:
> Roughly what percent of the time is there such an unpatched exploit in the
> wild, so that the machine can be hacked by someone keeping up with the
> exploits?  

While I did reply elsewhere in the thread, I want to address this specifically.

I can give you a percentage number very easily.  The answer is 100%.  There is always an unpatched exploit in the wild; just because it's not been found by the upstream vendor (and by extension the CentOS project) doesn't mean it's not being used in the wild.  I would hazard to say the risk from an unknown, but used, exploit is far greater than the 'window of opportunity' exploits you seem to be targeting.

I would also hazard to say that it would be similar in risk to 'window of opportunity' exploit timing in the Windows world; not because the OSes are similar in terms of security but because 'window of opportunity' exploit timing is the same regardless of the general security of the OS.  And I think studies of 'window of opportunity' exploits have been done and are publicly available.

I say this after having performed a risk assessment of our infrastructure myself, incidentally. It's not a matter of 'if' you will be hacked, but 'when,' and this is being acknowledged in high-level security circles.

So you plan your high-availability solution accordingly, and plan for outages due to security issues just like you'd plan for network or power outages.  This is becoming standard operating procedure in many places.