April 8th, 2003, 02:58 PM
Stability vs. Security
One issue that seems to come up often is whether to apply a patch immediately or wait to ensure its stable, etc.
In an eWeek article, ISS was quoted as saying:
I know that froma security standpoint you want to apply patches and updates that protect your system from known vulnerabilities. I am curious of others thoughts on balancing that versus the stability of the system.
Databases are also particularly vulnerable to attack, since DBAs are loathe to install patches that haven't been thoroughly tested
As they mentioned in the quote, if you have a mission-critical datbase that is running flawlessly and a new vulnerability is announced that is critical- do you patch immediately and risk screwing up the database, or do you hold off and risk getting hit by the vulnerability?
Here is the full article: Databases Ripe For Attacks