Vulnerability quiz: Question No. 5

We continually hear that applying patches and proper patch management is the answer to a majority of our security woes. Why is this illogical?
C. Patching only deals with known software flaws.
Patches only deal with about 40% of the network and system vulnerabilities in an environment. The other 60% are related to issues like weak passwords, improper registry settings, weak NTFS permissions, backdoors, unsecured accounts, etc. Applying a patch that protects you from the latest SQL injection attack does not mean that your systems are properly locked down.