William Herrin bill at herrin.us
Sun Sep 28 06:39:15 UTC 2014

On Fri, Sep 26, 2014 at 11:11 PM, Keith Medcalf <kmedcalf at dessus.com> wrote:
> On Friday, 26 September, 2014 08:37,Jim Gettys <jg at freedesktop.org> said:
> ""Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy
> Code in Zero-Day Vulnerabilities",  by Clark, Fry, Blaze and Smith makes clear
> that ignoring these devices is foolhardy; unmaintained systems become more
> vulnerable, with time."
> It is impossible for unchanged/unmaintained systems to develop more
> vulnerabilities with time.  Perhaps what these folks mean is that
> "vulnerabilities which existed from the time the system was first
> developed become more well known over time".


Any statement can be made foolish if you tweak the words a little.
They said, "Unmaintained systems become more vulnerable with time," a
reasonable and possibly correct claim. You paraphrased it as,
"unmaintained systems develop more
vulnerabilities with time," which is, of course, absurd.

The vulnerabilities were there the whole time, but the progression of
discovery and dissemination of knowledge about those vulnerabilities
makes the systems more vulnerable. The systems are more vulnerable
because the rest of the world has learned more about how those systems
may be successfully attacked.

Bill Herrin

William Herrin ................ herrin at dirtside.com  bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?

More information about the NANOG mailing list