Remote net probe reveals sloppy software upkeep
A unique study of hundreds of live internet servers shows that many computer administrators do not repair even the most serious computer bugs.
The research shows that only seven out of 10 systems administrators did not fix a major software bug when it was first announced. And three out of 10 did not to bother to fix the problem even when it was used to spread a damaging computer worm.
Eric Rescorla, a computer security consultant in California, remotely probed internet computers over six months to assess of bug fixing practises. He found an indifferent and sometimes lazy attitude towards security.
Rescorla began his study at the end of July 2002, after a bug was discovered in web server software used to encrypt browser communications. The study continued until September when a computer worm known as Slapper was released that used the vulnerability to infect machines.
[ Read more ]
- Article: Security holes... Who cares? (18 November 2002)
- Article: Timing the Application of Security Patches for Optimal Uptime (12 November 2002)