Darren Spruell wrote:
At least in a traditional non-virtualized firewall model, the attacker
would have to pull out real exploits and attack real (secured)
services to compromise the firewall, and it wouldn't fall at the same
time as the other hosts.
Yes, these kinds of flaws have (so far) been able to be patched, but
When I provided patch support for Solaris 10, the number of times that a
patch would not add to the global zone, thus affecting all local zones
on the host, was fairly common. This affected airlines, banks and oil
companies that you have heard of......
I know an OS is different to a VM platform, but you are still relying on
someone else to do their bit. And just because you have a lottery ticket
worth of support contract does not mean that it will actually get
patched in a timely manner, from experience....