Filed Under (Reflections) by DK on 10 December 2007

It seems that security tips for our software often extend to “keep up to date with your software”. This strategy alone means two things:

  • You can trust everyone everywhere to responsibly disclose vulnerabilities to your vendor;
  • When a new release is made public, the race is on… will you upgrade before the attacker diffs the packages and codes an exploit?

What you really want is defense in depth.

Benjamin Franklin’s famous quote seems relevant: By failing to prepare, you are preparing to fail.

For most of us, I think we can manage a few downtime days. BlogSec suffered from a DNS problem recently, which really threw a spanner in the works. We were able to recover, but I can’t help but think that we would have done well to heed Shakespeare’s words:

If you have tears, prepare to shed them now.

Creating a defense in depth strategy involves putting up a number of cyber-barriers or -checkpoints and making certain assumptions. A wise strategy will expect certain, if not all, areas to be breached.

In time of peace prepare for war.
