I subscribe to the Secunica.com RSS feed for security vulnerabilities. Every day I'm inundated with security issues with numerous products. And, guess what? Most of them are non-Microsoft. Most of them are open source software. And, the funny thing is that when they are issued, there is already a patch available.
What does that mean? Well, it means the vendor didn't disclose the issue until a patch was available. Is that a good thing? I guess that depends on your idea of a "good thing" is when you realize these vulnerabilities have been there for a while and the vendor didn't want to communicate it until they could figure out a way to fix it. So, does that mean most vendors can't figure out a way to fix their products for six to eight months? Apparently.
How long are we going to sit here and wait for open source application vendors to get it right? Of course, to me there is no open source -- it's still just the freeware of yesterday.
Rod Trent, manager of
myITforum.com and a Microsoft MVP, is an expert on Microsoft Systems Management Server. He has more than 18 years of IT experience -- eight of which have been dedicated to SMS. He is the author of Microsoft SMS Installer, Admin911: SMS, and IIS 5.0: A Beginner's Guide and has written thousands of articles on technology topics. He can be reached at email@example.com.
This article first appeared in myITforum.com, the
premier online destination for IT professionals responsible for managing their corporations'
Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where
IT professionals actively exchange technical tips, share their expertise and download utilities
that help them better manage their Windows environments, specifically Microsoft Systems Management
Server (SMS). It is part of the TechTarget network of industry specific IT Web sites. To register
for the site and sign up for the myITforum.com daily newsletter, click here.
This was first published in May 2005