Linux Today - Lesson From the DNS Bug: Patching Isn't Enough

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices

Technology Jobs

LinuxToday Newsletters

Server Daily
IT Management Daily
Subscribe News
Subscribe PR
Subscribe Security

internet.com

Internet News
Small Business

Advertise
Newsletters
Tech Jobs
E-mail Offers

Current Newswire:

SECURITY: Flash Player Sandbox Comes to Firefox

The Future of Kubuntu

SECURITY: Symantec should not be afraid of 'open' source code

Linux 3.3 rc3

60 Fantastic Free Android Apps

Ready for Another Linux Tablet? Meet the Rugged Trimble Yuma

How can the layman get involved with free software?

RIM Commits to Open Source BlackBerry 10 Native SDK

Oracle Staking Claim in Open-Source 'R' Language

50 Open Source Tools That Could Help You Find (or Keep) a Valentine

Applications Management Engineer Sr (NYC)
Next Step Systems
US-NY-New York

Post A Job | Post A Resume

:Lesson From the DNS Bug: Patching Isn't Enough

Lesson From the DNS Bug: Patching Isn't Enough
Jul 25, 2008, 15 :30 UTC (3 Talkback[s]) (6399 reads)
(Other stories by Bruce Schneier)

"The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won't prevent every vulnerability, but it's much more secure -- and cheaper -- than the patch treadmill we're all on now."

Complete Story

Related Stories:
Researcher Spills Beans on DNS Flaw Specs(Jul 23, 2008)
Preventing DNS Poisoning in Linux(Jul 12, 2008)
Patches Coming Today for DNS Vulnerability(Jul 09, 2008)