I am extremely excited to announce that Rich Mogull and I believe we are ready to publish two key deliverables for Project Quant today and make them available for download.
I describe the other one, “Measuring and Optimizing Patch Management: an Open Model”, in another post.
Below is an excerpt from the survey summary and analysis, and you can download the full report at http://securosis.com/research/publication/project-quant-survey-results-and-analysis/.
As part of the Project Quant community effort to develop a well-defined patch management cost model, the project team fielded a survey of patch management questions covering aspects of the patch management process. While we believe this survey, due to self-selective participation, is biased towards companies with active patch management efforts, the results were informative in that context. Key findings from the survey include:
I am also a contributor for the Microsoft Security Intelligence Report, where I look at vulnerability trends across the industry. One of the trends we’ve observed over the past several periods is that vulnerability research, as well as malicious attack trends, seems to be increasingly focused on non-OS software – applications, drivers and so on. Combining this trend with the Project Quant survey findings, we have:
These two findings together identify a clear call to action for administrators to review their patch management processes for ways to increase their ability to manage software assets beyond workstations and general servers.
Download the full report at http://securosis.com/research/publication/project-quant-survey-results-and-analysis/.
Regards ~ Jeff