How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
When Windows XP reached its end of life, approximately 257 outstanding security patches were required to bring the OS up to date — and that count already took into account cumulative versions for both commercial and business, as well as patch supersedence. Because the source code is closed, it never suffered from the fragmentation issues that affect many vulnerabilities, such as what we saw last year with the now infamous Shellshock — impacting a half-billion Web servers and other Internet-connected devices.
On September 24, 2014, when the bug was first disclosed, open source, Linux, OS X, embedded systems, and Unix were all affected; in total, versions available from 1994 (version 1.14) to 2014 could be exploited due to this GNU bash shell vulnerability. But in the intervening 12 months, a lot more needed to be done than just patching a single platform and bringing it up to date. That in itself is something many organizations still find difficult to do today.