> On Jan 9, 2019, at 10:51 , Saku Ytti <s...@ytti.fi> wrote:
>
> On Wed, 9 Jan 2019 at 20:45, Töma Gavrichenkov <xima...@gmail.com> wrote:
>
>> Nope, this is a misunderstanding. One has to *check* for advisories at
>> least once or twice a week and only update (and reboot is necessary)
>> if there *is* a vulnerability.
>
> I think this contains some assumptions
>
> 1. discovering security issues in network devices is expensive (and
> thus only those you glean from vendor notices realistically exist)
Not really… I think the assumption here is that you can’t resolve an issue
until the vendor publishes the fix. Outside of the open-source routing
solutions (and even for most deployments, including those), I would say this is
a valid assertion. (It’s more of an assertion than an assumption, IMHO).
> 2. downside of being affected by network device security issue is expensive
This depends on the issue, right?
Owen
