I participate in IT professional industry forums, where peers ask questions of other peers. Someone in the forum made a somewhat disjointed post questioning the severity of the recent Meltdown and Spectre security vulnerabilities. I paraphrase his long question:
About Meltdown and Spectre? I’ve seen a few posts in here about it, and tons of articles on the web… All the articles speculate on various exploit risks. I’m an IT guy, but not an engineer at the level of some of you guys. I’m posting this in all seriousness. I don’t grasp the difference yet… yes, the issue is with the hardware that can’t be changed (like bad code in a program), but doesn’t software have to access the hardware to take advantage of the exploit? Please, no flames, I just want to know how to position myself for my clients and what to say to them, to be as completely protected as possible. Thanks.
My response:
Off the top of my head, I have a number of concerns that explain why this is such a big deal, and I am sure there are many other legitimate reasons.
Here they are in short summation:
- The breadth of the flaw affects essentially every person and company owning PCs, laptops, tablets, phones, and who knows what else.
- It affects virtually all operating systems, hosts, and virtual machines.
- It affects nearly all processors made from 1995 to today.
- If you are in a shared cloud environment, it could be your neighbor on the same host who gets infected and compromises your system. Or, it could even be a bad guy signing up for cloud services to exploit neighbors on the host they share with him.
- Nearly all applications and browsers are affected at this time.
- A problem this universal will take more than a decade to completely eradicate. Therefore, for years to come we are going to be hearing about breaches related to this problem, because we all know there are millions who will do nothing to secure their systems. Others will be responsible, but it only takes one missed system. When you have hundreds or thousands of systems, it takes diligence not to miss something in existing deployments or in a new deployment.
I could go on, but clearly this is a widespread, indiscriminate problem that will persist for years to come.
