Stop Wasting Money On Security
from the what-a-reasonable-suggestion dept
Yesterday we had the stories about sysadmins not plugging security holes where the researcher decided those sysadmins must be lazy. Most people here seemed to agree that there were plenty of valid reasons besides laziness to not plug a patch. Now, here’s an article saying that, in fact, many companies are wasting too many resources trying to plug security holes, when the actual risk of something bad happening are minimal. The article points out that companies should take a more reasonable approach to asessing the risk and costs of a security breach before willy nilly running to apply every “critical” security patch that gets thrown out there.