Unfortunately, the
wait leaves you high and dry and vulnerable from the discovery of the vulnerability to
the release of its corresponding patch. For this reason, it is at least useful to understand
some of the issues involved with patching binary images.
Source Code Patching Considerations
As mentioned earlier, patching source is infinitely easier than patching at the binary
level. When source code is available, users are afforded the opportunity to play a greater
role in developing and securing their applications. The important thing to remember is
that easy patching is not necessarily quality patching. Developer involvement is essential
regardless of whether we can point to a specific line of source code that results in a
vulnerability, or whether the vulnerability is discovered in a closed source binary.
When to Patch
The temptation to simply patch our application's source code and press on may be a
great one. If the application is no longer actively supported and we are determined to
continue using it, our only recourse will be to patch it up and move on. For actively supported
software it is still useful to develop a patch in order to demonstrate that the vulnerability
can be closed. In any case it is crucial that the patch that is developed fixes not
only any obvious causes of the vulnerability, but also any underlying causes without
introducing any new problems.