Bryce T. Pier wrote:
>I'm not going to further a MS vs unix argument but my point still stands on
>windows. Yeah IE and windows have a lot of holes but as a security conscious
>admin or manager you don't just say "well hell, let's put on anything we want,
>200 potential holes isn't any worse than 100". IT business security is of
>utmost concern whether it's protecting windows, Unix, open source software,
>etc. The same principles and practices must be followed. It's not a
>developer's ass on the line if there is data loss at your company.
>
>
That depends on the company. When data collection is what the software was developed to do, data loss is an important issue for the developers as well as the sys admins.

>Configuration control isn't nearly as important as other security measures.
>

I would have to strongly disagree; misconfigured software can expose a lot more holes. Chrooting can help even the most vulnerable or misconfigured systems, but even a poorly configured chroot can be somewhat pointless. Stack-smashing protection like http://www.trl.ibm.com/projects/security/ssp/ can secure some of the buggiest apps, but misconfiguring the app can negate those protections.