Poor patch practice presents professional performance problems

If you’ve spent more than a decade covering software application development news, then the old “survey says” story that xyz% of software projects are likely to fail, come in over budget and/or be late is not one worth telling any more.

If, however, you hear this story told from a patch and software update perspective, then perhaps there’s room for a new angle here?

SMB IT solutions provider GFI Software has indeed released such a survey.

The company suggests that its results “reveal” that half of businesses have suffered at least one business critical IT failure as a result of installing a bad software patch.

Having just completed a software-debugging feature for the government’s National Skills Academy, I have testing very much in mind this week.

As I noted in my feature, the software testing role itself is multifarious in nature. How can all these software engineering roles possibly let through so many software bugs and incompatibilities introduced by badly developed software updates?

• Test Designer/Architect
• Unit tester
• Test Manager/Test Team Leader
• Automation Developer
• Test Administrator/Test Process Manager
• Systems Integration Tester
• Software Quality Assurance Manager
• Software Validation/Verification Engineer

With these formally delineated testing roles in mind, GFI Software’s survey has said that companies are committed to deploying critical updates quickly, with 90% of those surveyed applying patches within the first two weeks after they are released.

So does this represent trust in patches, and so it’s fine for the testing team not to be involved?


According to GFI Software, for many firms this process remains a manual one, with 45% not using a dedicated patch management solution to distribute and manage software updates. This lack of automation is a major contributing factor that explains why 72% of surveyed decision makers do not deploy within the all-important first 24 hours after a critical patch is released to the public.

“The stark figures revealed by this research reinforce the importance of testing patches before deploying them in a production environment. Patch management solutions help keep the balance between maintaining productivity – testing patches to make sure they do not interfere with the business environment – and applying security patches in a timely fashion to avoid compromising security,” said Cristian Florian, product manager at GFI Software.

“Patch management solutions such as GFI LANguard 2011 can also roll back problematic patches and get the company back to work in a fraction of the time compared with a manual uninstall process or, worse still, a PC rebuild,” Florian added.

Additional key findings:

• 51% of those surveyed said their organisations did not have a rigid policy regarding the installation of critical software updates
• 25% of respondents have suffered multiple IT failures as a result of buggy patches or compatibility issues created by a software update
• The personnel sector is the biggest user of dedicated patch management solutions, due to the lack of dedicated on-site IT support in most recruitment offices