Except that most risks are from bad leadership decisions. Exhibit A: patches exist for so many vulnerabilities that remain unpatched because of bad business decisions.
I think in a theoretical sense, she is correct. However, in practice things are much different.
My old job had so many unpatched servers, mostly Linux ones. Because of the general idea that “Linux is safe anyway”. And because of how Windows updates would often break critical infrastructure, so they were staggered and phased.
But we’ve seen plenty of infected Linux packages since, so it’s almost a given there are huge open holes in that security somewhere.
I’m glad you left that old job. They were just lax and stupid.
No. Her “theory” is full of garbage assumptions.