The cost of non-compliance: when policies fail
SIGUCCS '04 Proceedings of the 32nd annual ACM SIGUCCS conference on User services
A Formal Framework for Patch Management
International Journal of Interdisciplinary Telecommunications and Networking
| Hi-index | 0.00 |
Only a few years ago, the term "patch management" was not in the general vocabulary of even the most advanced information technology staff. Today, "patch management" is not only in the general vernacular of most IT staff, but it is also one of the more essential responsibilities of IT departments. Security threats stemming from the exploitation of vulnerabilities in software products pose an important problem to corporations, governmental agencies, educational institutions, banking, and many other entities. We can decrease the possibility of security threats by systematically applying patches to software products for which vulnerabilities have been identified.The patch management process is important to all aspects of an institution. The success of the patch management process depends on several critical elements, including senior executive support, identification of vulnerabilities, reporting, testing, and more. All of these elements contribute to the success of an organization's patch management process.This paper discusses the results of a survey of IT professionals which sought to determine the importance of these critical elements in the patch management process. The results of the survey provide insight into how organizations view these elements.