News

Industry needs to reassess software patching, experts warn

Cliff Saran
The controversy over Microsoft's recent patching efforts has highlighted the need for software users and suppliers to reassess how patches are deployed, IT industry experts have warned.

Earlier this month, Microsoft released a patch to secure a fundamental hole in Windows relating to a component of the operating system known as Dcom (distributed common object model). The patch came a matter of weeks after the software giant had issued a similar patch for the same Windows component.

Patching is becoming increasingly expensive, according to Russ Cooper, who runs the NTBugTraq security mailing list. He estimated that the Dcom patch would have cost businesses around £288 per desktop.

The Corporate IT Forum chairman David Roberts added that even a simple patch could have huge ramifications as modern software is highly integrated.

Roberts called for users and the industry to improve the quality level of their software. "Today we risk a domino effect if a system fails,” he said.

One IT manager who contacted Computer Weekly argued that securing any IT system would always involve constant updates. "IT systems have to continuously be tended to and secured,” he said. “It is almost like a living thing that needs a lot of care and attention to survive the vagaries of real life."

It is up to users to build more dynamic IT systems to cope with the nature of modern IT, which relies on constant patching, said Stuart Okin, chief security officer at Microsoft.

Companies also need to improve their patching processes, according to Ashim Pal, analyst at Meta Group. "Much of the problems with patching is of users' own doing,” he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy