The Ashimmy Blog: More on 3rd party patches

April 05, 2006

More on 3rd party patches

Good article in SC Magazine on the results of a survey about using 3rd party patches. 45% of US CIOs, SCOs and IT managers and 31% of those in UK thought it was all right if an official one was unavailable and a zero day exploit threatened their systems. Interestingly though, only 13% deployed the 3rd party patch for the WMF exploit this past January. This says to me that though they might be willing to deploy the 3rd party patches if they feel really threatened, it is really going to take something to make that % of deployed move from 13 to 45%.

Other interesting info was that overwhelmingly (74%) regular patch cycles like MS Patch Tuesday improved their overall security patching process. But about half would like to see a combination of some patches, especially those with zero-day implications released right away, while maintaining the regular schedule for the rest. I read that as people are scared to death of zero day attacks. I think overall the security industry has done a great job, maybe too good a job of banging the drums on zero day stuff.

Posted at 10:20 PM in General Security, other security companies, patching, Web/Tech | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d83463961769e2

Listed below are links to weblogs that reference More on 3rd party patches:

» Why Are Third Party Patches My Only Choice? from mcwresearch.com
I read an article by Alan Shimel of Sillsecure about the third party patches issue. At the end he said I think overall the security industry has done a great job, maybe too good a job of banging the drums on zero day stuff ... [Read More]