August 1, 2018

Patching Software

By Cindy H.

Though this makes a nice movie line (it was actually “we don’t need no stinking badges” from The Treasure of the Sierra Madre), it does not make a nice attitude for security patches. It seems that as soon as a product is released, it is followed by a software patch or service pack release.

“Why do I need that? I just installed the software?”

The answer is in the question: “Why do I need that?” Because you just installed the software.

Just as sewing a patch over a hole in a pair of jeans fixes the hole, software patches are meant to fix holes in software. The best time to install a software patch is as soon as it’s made available from the vendor. Why? Because the very existence of the patch means a vulnerability has already been discovered and possibly even exploited. Of course, in the commercial and government worlds, the patch should be tested in a testing environment to make sure it doesn’t interfere with the functionality of other necessary programs.

There is only one instance in which “we don’t need no stinking patches” is an appropriate statement: when a vulnerability scan reveals that the environment is already properly patched. This is the goal of every IT Security Manager!

On the DPBU delivery, the ActioNet team has taken this proactive attitude to heart. Our team is constantly reviewing vendor patch release sites to find the latest fixes, then immediately testing and implementing them. Our team does not wait for a Compliance Notification Order to tell us to implement a fix.