News

Patching gets thumbs down

Karl Cushing

Half of UK IT professionals are concerned about the cost and time taken to manage patches for security flaws.

The situation is particularly acute in enterprises with more than 5,000 employees, according to a report by ICM Research.

Of the 100 IT directors and managers of companies with over 500 employees polled in the survey, 45 claimed software providers' existing methods of sending out patches were too costly or of poor value.

“Patches can be a real burden, and from a security standpoint a lot of patches are completely irrelevant,” said John Holland, senior vice-president for international operations at security firm TruSecure, which commissioned the study.

Holland pointed to earlier research carried out by the firm, which concluded that of the 4,129 vulnerabilities reported in 2002, fewer than 2% were exploited by hackers.

Suppliers are not giving users “appropriate” information and patch alert services are too “generic” - they do not take into account what individual companies need, he said.

“Users need added-value services that provide information on criticality to help them prioritise patch application and help balance the workload involved in implementing and testing patches.”

Key findings

  • 3% of UK IT professionals thought the patch management information they received was 100% relevant to their individual business needs.
  • 45% are concerned about the cost and value of patch management for security flaws.
  • 61% of respondents said managing risk is more important than simply managing security at an operational level.
