I was looking through Google groups for the earliest mentions of the phrase "patch management". It seems 1992 is the year, although the phrase seemed to be in common use before then. Sun, HP and BSD were three large vendors already dealing with the problems of patch management. It is very funny to read the comments in the messages and see recent research and articles with similar titles. Why has it been 13 years with only minor improvements?
This article from 1996 talked about how 80%-90% of intrusions are due to known vulnerabilities for which there is a patch. Currently CERT reports that 9/10 intrusions are due to known vulnerabilities for which there is a patch. If we take these stats literally, then patch management has gotten worse. In reality it looks like it has stayed the same.
It is interesting to note that the three unix vendors mentioned above were dealing with many of the problems Microsoft has only recently had to face. Q: Is unix patch management more mature? A: Sometimes.