• 1984@lemmy.today
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    I work at a medium size company with hundreds of Linux servers and none of them get updated. Because it’s more important that they keep running as they are than to have the latest updates. I bet this is very common for most companies.

    • bushvin@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      There is nothing more important than security patches on a system.

      I used to work at an FMI, which’s motto was “keep things stable”. Even the ciso department bought that crap. Until we hired a white hat hacker. The only thing given was the name of the company. He managed to get into the building, access an employee’s workstation and install a root kit on one of the most important financial message tracking systems (you know, the one that instructs other systems to transfer money), using a security bug, which would have been patched if they kept a regular (security) update cycle. After shit hit the fan, many people were fired and an update cycle was introduced.

      No system is important enough to not patch. And if you believe it is, you’re wrong.