Earlier this month, Microsoft released a patch to secure a fundamental hole in Windows relating to a component of the operating system known as Dcom (distributed common object model). The patch came a matter of weeks after the software giant had issued a similar patch for the same Windows component.
Patching is becoming increasingly expensive, according to Russ Cooper, who runs the NTBugTraq security mailing list. He estimated that the Dcom patch would have cost businesses around £288 per desktop.
The Corporate IT Forum chairman David Roberts added that even a simple patch could have huge ramifications as modern software is highly integrated.
Roberts called for users and the industry to improve the quality level of their software. "Today we risk a domino effect if a system fails,” he said.
One IT manager who contacted Computer Weekly argued that securing any IT system would always involve constant updates. "IT systems have to continuously be tended to and secured,” he said. “It is almost like a living thing that needs a lot of care and attention to survive the vagaries of real life."
It is up to users to build more dynamic IT systems to cope with the nature of modern IT, which relies on constant patching, said Stuart Okin, chief security officer at Microsoft.
Companies also need to improve their patching processes, according to Ashim Pal, analyst at Meta Group. "Much of the problems with patching is of users' own doing,” he said.