the "but muh security" argument is absolute horseshit 99% of the time. and the 1% that actually need it, are going well beyond automatic updates to secure their systems.
If you look at the background radiation of the Internet of automated things just hitting services to probe for exploits, they are most commonly looking for exploits from bugs in older software.
There's a timing argument - that unless you're at risk of zero days (like you're the DOD) - that you probably don't need to upgrade immediately. But it seems unarguable to me that the longer you wait, the greater the risk from a security perspective.
As always, security is a trade off. Risk of breaking from an update has to be balanced against risk of exploit. I'd argue the latter is going up more quickly than the former.
38|1 year ago
trog|1 year ago
There's a timing argument - that unless you're at risk of zero days (like you're the DOD) - that you probably don't need to upgrade immediately. But it seems unarguable to me that the longer you wait, the greater the risk from a security perspective.
As always, security is a trade off. Risk of breaking from an update has to be balanced against risk of exploit. I'd argue the latter is going up more quickly than the former.
LorenzoGood|1 year ago
Tepix|1 year ago