We know one of the biggest security vulnerabilities is not technology per se but the implementation of technology, writes John McIntosh, Bloor Research. When it comes to security patches, we often find ourselves in a position where risk versus reward is uncertain. Nowhere is this more prominent that with Microsoft’s servers, as evidenced by Slammer. Microsoft’s UK Architects Council debated the patch management issue fairly recently, without a satisfactory outcome. Could do much better, was the opinion back to Microsoft. Though, to be accurate, not all of it was security-related. Patching for security reasons is a tough call – is the threat great enough to warrant it. System maintenance should be a structured and methodical exercise but security patches can throw a spanner in the works and give unforeseen results. There should be a better way to solving such problems without, as many do, hoping for the best – either with or without the patch – until you know what the impact of the patch is likely to be. Full Story