Security Watch

16 Patches: So, Are We Losing The Security Battle?

Almost 50 vulnerabilities addressed in one month.

What?

Sixteen patches.

Huh?

That was the symbolic reaction of many Windows security observers when Redmond dropped its advanced bulletin on our heads last Thursday.

It's a heavy burden for just this month. But what does it mean in the aggregate for patch management and in the long term for security? When all is said and done, 2010 will be remembered as a banner year for bulky patch releases, a year that will also illustrate the growing conundrum among some of the world's largest enterprise IT and software companies including Microsoft, Oracle and Adobe. It's a conundrum that really begins with several key questions major tech companies should be -- or actually are -- asking themselves:

  • How fast can we patch any given vulnerability?
  • Are we losing the battle to patch products and systems quicker than exploits can be spawned?
  • Should we roll out more pervasive patches?
  • And if we need to patch more, should we increase our frequency?

And here's the biggest question of all: "Will IT administrators using our products and services have any hair or patience left as the security situation locally, nationally and globally becomes more relevant -- or worse -- more perilous?"

Microsoft, Oracle, Adobe: Triple Whammy
IT security administrators will already have a busy week with Microsoft's patch releases, but admins who also run Oracle and Adobe systems will be buried. On the heels of a big security update from Adobe comes news of a secret meeting on merger talks between Redmond and Adobe Systems. Aside from the obvious product synergies, Microsoft has also had to bear some of the brunt of Adobe's security problems.

Against that backdrop: Microsoft's patches and a jaw-dropping 81-vulnerability patch from that other business software giant, Oracle.

Indeed, "Super Tuesday" no longer applies to elections.

Survey: IT Audits Reveal 'Significant' Security Problems
A survey of about 350 IT managers and network administrators conducted in the middle of last month found 45 percent of respondents said they've had an outside organization conduct a formal security audit at least once a year.

VanDyke Software commissioned Amplitude Research to conduct The Sixth Annual Enterprise IT Security Survey. Comparatively, a survey from the same period in 2009 shows 35 percent had reported conducting such an audit at least once a year. That means audits are growing, which could be seen as a good thing.

But there's always a flip side: more than half, 56 percent, said the audits resulted in the identification of significant security problems. Still, it's better to know than live in ignorance.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.


Reader Comments:

Fri, Oct 22, 2010 Tom

Well when I read the article I was reminded of the song: Sixteen Tons - Tennessee Ernie Ford. 'Another day older and deeper in debt', how true. Have a good weekend people.

Wed, Oct 13, 2010 Michael

Uh, maybe I'm just stupid, but... I clicked on the link in the paragraph about the IT audits... and the article it links to bears little resemblance to what Jabulani writes here. Jabulani writes about the percentage of companies that conducted a security audit. But the article in the link discusses something totally different - the percentage of reported unauthorized intrusions. I don't see how Jabulani got his information from this article, as there is no mention there about audits. Still scratching my head here...
