PRO+ Premium Content/Information Security

Thank you for joining!
Access your Pro+ Content below.
December 2003

Playing patch up: It's time to change the patch management process

Greg McGill is so tired of IT staffers haphazardly deploying broken patches on his network that he's considering a labor-intensive, highly regulated patch brokerage -- rather than an automated commercial solution -- to oversee vulnerability remediation. "In a large enterprise, you need to guard against the zeal of sysadmins trying to keep their systems so up to date that they err in the wrong direction -- a problem we probably would not have predicted two years ago," says McGill, a network architect at Blue Cross/Blue Shield of Alabama. That's because in the last two years -- and particularly the last 12 months -- the infosecurity community has been consumed with fixes and upgrades to seal software vulnerabilities. While the number of reported vulnerabilities actually decreased in 2003 from the previous year, the acute problems brought on by several major malware outbreaks makes this "The Year of the Patch." No other area of infosecurity has created as many headlines -- and headaches -- as patch management and the consequences ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue