
3/2/2007
05:06 PM
Patricia Keefe
Commentary

Got Time?

That whole time-change thing that has everyone rolling their eyes -- you know, early daylight-saving time? OK, it's not Y2K. (What could be?) And as I noted in a recent column (which goes into this issue in greater detail), no one is talking disasters of biblical proportions. But there is a little more to this than the momentary irritation of missed appointments and calendars being off an hour.

Think of all the time-sensitive systems out there today -- medical, manufacturing, financial, travel schedules, logistics scheduling and tracking, security systems (and doors and vaults) that open and close based on pre-programmed times. Anything that requires a precise time stamp for legal or audit trail reasons. Think of Sarbanes-Oxley (Forrester Research says it will definitely be affected). State governments are certainly worried. Think maybe you should take another look at the systems that support your company's business, and reconsider the impact?

Because ohhhh, yeah, there's definite fallout here if you don't get your applications and systems switched over to the new daylight-saving time date on time.

But there's more to it than that. Judging from the users I've been hearing from, it's just a time-sucking, cost-building pain in the butt to deal with. Look at PG&E's predicament. It simply decided this was too expensive a change to make, and got permission to bill customers differently to compensate for the impact.

So why is this such a pain? Well, for one, too many vendors have wasted the head start they got to deal with this issue (the bill mandating the change was signed in the summer of 2005) and have gone right down to the wire in releasing their patches, which in some cases have to take into account various platforms, access modes, etc. It makes one wonder how well tested they are, and certainly doesn't leave IT much time to do its own testing. One issue here is that many vendors thought they could leave the fix to the operating system brethren, and realized late in the game that they were wrong, says Ray Wang, a Forrester analyst who has co-written a report on this issue. And if they're late, where does that leave users?

A lot of these patches are NOT going to work with older versions of software. As Mike Dimyan of Time-Warner pointed out recently, there aren't that many companies that can say they are running the latest version of all their applications. And at this point, he noted, even if vendors gave away the latest updates, most companies couldn't possibly get them installed in time.

So if you've got a mixed environment, you may find some daylight-saving time patches causing other problems even as they solve part of your time issues. Dimyan already has run into this problem. And what about those older versions? What's the fix for them? In some cases, it's going to be "ugly," Dimyan says. And then there's the software that will have to be manually updated, like your custom applications. And you do have customized apps, right?

So, while this problem is certainly solvable, it won't happen without some scrambling, a lot of manpower, a lot of testing and cross testing, a chunk of money and time. You may have plenty of the rest, but the one thing you don't have much left of, right now, is time.

Have you run into problematic patches, cross-compatibility issues, or no patch support for the versions of software you are running? Has your vendor either waited so long to issue a patch or posted such confusing information on its site that it's affected your efforts to update your systems? Tell us about it, and any solutions you've worked out, in the comment field below.
