Long-time Exchange developer Larry Osterman had a great blog entry today titled “Remember the Giblets”. An excerpt:
“Giblets” are the pieces of software that you include in your product that you don’t always remember. Like zlib, or LHA, or MSXML, or the C runtime library. Whenever you ship code, you need to consider what your response strategy is when a security hole occurs in your giblets. Do you even have a strategy? Are you monitoring all the security mailing lists (bugtraq, ntbugtraq) daily? Are you signed up for security announcements from the creator of your giblets? Are you prepared to offer a security update for your product when a problem is found in one of your giblets? How do your customers know what giblets your application includes?
As administrators, how much do you know about the giblets on your servers? Are you paying attention to them, or only to the big chunks (like Exchange or SQL Server)?
Paul's Down-Home Page 