Former cybersecurity czar suggests patch clearinghouse
Who hasn’t installed a patch that ends up breaking another application? Wouldn’t it be nice if there were an independent group that tested patches with common applications? That is exactly what Richard Clarke, the White House’s former cybersecurity advisor, suggested this week at a CSO roundtable sponsored by scanning services provider Qualys. “Companies get patches from Sun, Microsoft and Oracle that they say are to fix problems but they don’t say what other things [the patches] would do to the network,” he said. Clarke envisions organization like CERT would handle the patch testing duties. It could test new patches against perhaps the top 100 applications from companies like Siebel, PeopleSoft and Oracle. Custom or proprietary applications would have to be tested in-house. Full Story