In 2006, the CERT program at Carnegie Mellon's Software Engineering Institute reported upward of 8,000 application vulnerabilities that required software patches--that's 30% more than in 2005. We've had years to get this process down, yet patching continues to cause a great deal of angst. We frequently see organizations that are more than a month behind on patch applications--and open to viruses and security violations. Why take that risk? Too many IT groups lack the tools, processes, and resources to patch effectively.

No fewer than 14 vendors are looking to rectify that situation. Each product has strengths and weaknesses, and we're hoping to get most of them into our Real-World Labs in the near future. See our automated patch management Rolling Review invitees and requirements at Rolling Reviews.

Ideally, patch management will be just one element of a comprehensive configuration management or software distribution system in larger shops. Smaller companies can get by with standalone tools, but many need several point products for different types of apps and devices. But however you manage it, automation is critical, as are documenting changes, testing to ensure that patches won't break other apps, and deployment policies to avoid bogging down networks.

(click image for larger view)