Patched server, or working server. Pick one...
Well a non-working server is a secure server at least.
IBM has withdrawn a patch for a significant security vulnerability in its WebSphere Application Server after the code knackered some systems. Just this week, Big Blue said it is working on a new fix for CVE-2018-1567, a remote-code execution vulnerability in versions 9.0, 8.5, 8.0, and 7.0 of the platform. The bug has received …
As a development platform, what is the chance that web applications had been built to a bug, and IBM simply didn't have a regression test for that bug? Then again, I haven't WebSphere API documentation for over a decade, and I don't remember how good it is. The point being that when API documentation is weak, developers are forced to fidget to figure out how things work, and that's one of the reasons developers sometime code to a bug rather than the actual API.
Why do you think IBM offers outsourcing? To get their staff to "support" their dying products.
There's only so much golf, booze, luxury accommodation and people of negotiable value that an exec can be exposed to. And unfortunately for IBM, that is significantly less than the amount required to get a mentally capable exec to support the rollout of Websphere or Notes. That's also the reason IBM pitch to government departments....
*meekly raises hand from the back*
Not by my choosing, of course. Rest assured if you run any enterprise software that IBM had anything to do with ever, they tried to cram WebSphere, UrbanCode, and RTC into it. And probably NetBEUI and Token Ring, too.
Here's an amusing tale: according to this article, the fscked security patch was released on September 5th. I wasn't actually notified about the availability of said patch until October 8th. I don't know whether to be furious or relieved by IBM's tardiness in issuing security advisories for its products.