BGP Experiment
Töma Gavrichenkov
ximaera at gmail.com
Wed Jan 9 19:41:48 UTC 2019
On Wed, Jan 9, 2019 at 10:33 PM Owen DeLong <owen at delong.com> wrote:
> At the end of the day, this is really about risk analysis
> and it helps to put things into 1 of 4 risk quadrants
> based on two axes… Axis 1 is the likelihood of the
> vulnerability being exploited, while axis 2 is the
> severity of the cost/consequences of exploitation.
>
> Obviously something that scores high on both axes
> will have me rolling out the upgrades as rapidly as
> possible, likely within 24 hours to at least the
> majority of the network.
Good for you (not kidding). Not quite the same on average, as far as I can see.
> The other two quadrants are a grey area that
> becomes more of a judgment call where other
> factors specific to each operator and their
> customer profile will come into play.
> Some operators may have a high tolerance
> for high-probability low-cost problems, while
> others may find this very urgent, for example.
I agree with you; however, it's the other quadrant (high cost,
seemingly low probability) which is a real gray area IMO which allows
for collateral damage at a Hollywood blockbuster scale.
--
Töma
More information about the NANOG mailing list