
Should hosting companies have change freezes?

Submitted by AngryDad
AngryDad (947591) writes "Today I received a baffling email from my hosting provider that said "We have a company-wide patching freeze and we will not be releasing patches to our customers who utilize the patching portal for the months of November and December". This means that myself and all other customers of theirs who run Windows servers will have to live with several critical holes for at least two months. Is this common practice with mid-tier hosting providers? If so, may I ask Eastern-EU folks to please refrain from hacking my servers during the holiday season?"

Comment: Here is how vulnerability disclosure should work (Score 1) 123

by AngryDad (#41450741) Attached to: Did Microsoft Know About the IE Zero-Day Flaw In Advance?
This process was developed/implemented by HexView a few years ago (I worked for them at that time): Whoever finds the vulnerability likely has enough knowledge to roughly estimate what it takes to fix it and test the fix. He/she supplies all details to the vendor and gives them a hard time frame, e.g.: "I will release this data to the public 30 days from now". At the same time, a vulnerability alert without details to prevent/delay re-discovery may be released to the public. If the vendor fails to resolve the vulnerability in a timely manner -- too bad, you were given enough time for fixing and testing.
