The best medicine for application flaws is automated patch management. To kick off our latest Rolling Review, we'll size up key trends and vendors.
In 2006, the CERT program at Carnegie Mellon's Software Engineering Institute reported upward of 8,000 application vulnerabilities that required software patches--that's 30% more than in 2005. We've had years to get this process down, yet patching continues to cause a great deal of angst. We frequently see organizations that are more than a month behind on patch applications--and open to viruses and security violations. Why take that risk? Too many IT groups lack the tools, processes, and resources to patch effectively.
No fewer than 14 vendors are looking to rectify that situation. Each product has strengths and weaknesses, and we're hoping to get most of them into our Real-World Labs in the near future. See our automated patch management Rolling Review invitees and requirements at Rolling Reviews.
Ideally, patch management will be just one element of a comprehensive configuration management or software distribution system in larger shops. Smaller companies can get by with standalone tools, but many need several point products for different types of apps and devices. But however you manage it, automation is critical, as are documenting changes, testing to ensure that patches won't break other apps, and deployment policies to avoid bogging down networks.
IT's Reputation: What the Data SaysInformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.