Patching gets thumbs down


Patching gets thumbs down

Karl Cushing
Half of UK IT professionals are concerned about the cost and time taken to manage patches for security flaws.

The situation is particularly acute in enterprises with more than 5,000 employees, according to a report by ICM Research.

Of the 100 IT directors and managers of companies with over 500 employees polled in the survey, 45 claimed software providers' exisiting methods of sending out patches were too costly or of poor value. 

“Patches can be a real burden, and from a security standpoint a lot of patches are completely irrelevant,” said John Holland, senior vice-president for international operations at security firm TruSecure, which commissioned the study.

Holland pointed to earlier research carried out by the firm, which concluded that of the 4,129 vulnerabilities reported in 2002, less than 2% were exploited by hackers.

Suppliers are not giving users “appropriate” information and patch alert services are too “generic” - they do not take into account what individual companies need, he said.

"Users need added-value services that provide information on criticality to help them prioritise patch application and help balance the workload involved in implementing and testing patches.

Key findings

  • 3% of UK IT professionals thought the patch management information they received was 100% relevant to their individual business needs.
  • 45% are concerned about the cost and value of patch management for security flaws.
  • 61% of respondents said managing risk is more important than simply managing security at an operational level.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy