Industry needs to reassess software patching, experts warn

News

Industry needs to reassess software patching, experts warn

Cliff Saran
The controversy over Microsoft's recent patching efforts has highlighted the need for software users and suppliers to reassess how patches are deployed, IT industry experts have warned.

Earlier this month, Microsoft released a patch to secure a fundamental hole in Windows relating to a component of the operating system known as Dcom (distributed common object model). The patch came a matter of weeks after the software giant had issued a similar patch for the same Windows component.

Patching is becoming increasingly expensive, according to Russ Cooper, who runs the NTBugTraq security mailing list. He estimated that the Dcom patch would have cost businesses around £288 per desktop.

The Corporate IT Forum chairman David Roberts added that even a simple patch could have huge ramifications as modern software is highly integrated.

Roberts called for users and the industry to improve the quality level of their software. "Today we risk a domino effect if a system fails,” he said.

One IT manager who contacted Computer Weekly argued that securing any IT system would always involve constant updates. "IT systems have to continuously be tended to and secured,” he said. “It is almost like a living thing that needs a lot of care and attention to survive the vagaries of real life."

It is up to users to build more dynamic IT systems to cope with the nature of modern IT, which relies on constant patching, said Stuart Okin, chief security officer at Microsoft.

Companies also need to improve their patching processes, according to Ashim Pal, analyst at Meta Group. "Much of the problems with patching is of users' own doing,” he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy