
No, it wouldn't have. Manual updating:

- Spreads the exposure time, creating a much larger window in which updates may be deployed, reducing the number of systems affected, and reducing the likelihood of a targeted attack succeeding.

- Prevents targeted 'midnight' updates in which an attacker can deploy code at-will to target systems during hours that nobody will be around to see them.

- Requires producing reasonable looking update notes, which will likely be noticed by everyone involved in the release process, resulting in an additional warning to those that can detect the issue.

A silent update can go out without anyone knowing that an update was even deployed.




This argument works the same way in reverse. If an exploit is discovered, manual updating spreads the update time, creating a much larger window in which exploits may be deployed, increasing the number of systems affected, and increasing the likelihood of a targeted attack succeeding.


A big difference is that the exploit can't be pushed to every single device in the world that is running the software in question and phoning home for updates.



