Rich Freeman via plug on 17 Dec 2020 08:40:45 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] OT: SolarWinds

On Thu, Dec 17, 2020 at 9:24 AM Rich Kulawiec via plug
<> wrote:
> However, based on what we do know as of this moment: anybody still running
> SolarWinds should rip it out by the roots right now and activate their
> procedures for archiving/scrubbing/rebuilding compromised systems.

While I get your argument, keep in mind the likely consequence of
everybody doing this would be that in the future vendors will cover up
any security issues and not inform their customers of compromises like

Ultimately what matters is what a vendor does in the future, not what
they've done in the past.  The past is of course a good predictor of
the future, but it isn't actually the thing you care about.  I think
one element of due diligence has to be looking at how a vendor
actually handles security incidents when they do occur, and you can't
evaluate that if you only select vendors who have "never" had a
company-threatening incident.  Maybe that is because they're just that
good.  Or maybe it is because they're just that good at hiding the
truth from you.

Be careful that you don't evaluate your vendors primarily on how good
they are at lying to you...

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --