How Long Does it Take Vendors to Release Patches? 6
MasterMynd asks: "In the IT field I'm frequented with questions regarding security updates of the OS's that we use. In my IT department we use a real mixture of OS's for desktops in addition to our many NOS's. More often then not I don't have an answer as to the routine question of how soon a security patch will be available. Normally I give "It should be done in about a week" as my answer. But truth remaining I don't have any answer as to when it will be available because vendors aren't forthcoming about such info. Rumours and anecdoes abound in how long it normally takes to get a patch. Are there any current reports anywhere showing a comparison of how much time it takes to produce a patch or workaround from the time it's discovered until it's available for download, from the major NOS & Desktop vendors?" Ask computer security becomes more and more important, such resources will become invaluable. Any clues as to where such may be found?
easy (Score:1)
Honesty is the best policy (Score:1, Insightful)
How about a more honest "I don't know because the vendor hasn't announced a schedule." Or, "I'll install the patch as soon as it is available."
Securityfocus study (Score:2)
I can't find the whole thing, but there's
a summary at linux weekly news [lwn.net], and googling for "days recess security focus microsoft linux" or similar might help (days of recess is a measure of response time).
Sumner
Patch vs. disclosure (Score:1)