RealNews

To patch or not to patch

We know one of the biggest security vulnerabilities is not technology per se but the implementation of technology, writes John McIntosh, Bloor Research. When it comes to security patches, we often find ourselves in a position where risk versus reward is uncertain. Nowhere is this more prominent that with Microsoft’s servers, as evidenced by Slammer. Microsoft’s UK Architects Council debated the patch management issue fairly recently, without a satisfactory outcome. Could do much better, was the opinion back to Microsoft. Though, to be accurate, not all of it was security-related. Patching for security reasons is a tough call – is the threat great enough to warrant it. System maintenance should be a structured and methodical exercise but security patches can throw a spanner in the works and give unforeseen results. There should be a better way to solving such problems without, as many do, hoping for the best – either with or without the patch – until you know what the impact of the patch is likely to be. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.