Microsoft Patches Up Its Patch Approach - InformationWeek

The software vendor plans to reduce the number of patch installers it offers from eight to two by year's end.

Microsoft is reworking its software-patch management approach and plans to reduce eight patch installers to two by year's end.

The company is about to publish a road map for releasing software that helps IT departments fix Microsoft products to guard against hacker attacks, chief security strategist Scott Charney said during a speech and interview at Microsoft's TechEd conference in Dallas on Tuesday. By the end of the year, Microsoft plans to offer customers two patch installers—one for operating systems and one for applications—versus the eight that are available today. That could go down to one by the time Microsoft ships "Longhorn," the next version of its Windows desktop operating system, due in 2005. Difficulty managing installation technology for security patches has caused uptake to be too low, Charney said.

"Patch management was broken," he said. About 95% of hacker attacks occur against known vulnerabilities in software, Charney said. Patches issued by Microsoft have been too difficult to use and their quality has been too low, partly because internal competition among Microsoft developers to build better patch-management software caused too many to reach the market. "We were making it more difficult than it had to be." By the end of the year, he said, "you'll have one set of tools that can look across the whole Microsoft spectrum and tell you what you need."

Charney, the Justice Department's former cybercrime chief and a former principal at PricewaterhouseCoopers, joined Microsoft in April 2002 to work on computer security, privacy, and public-policy issues. He reports to Microsoft chief technical officer Craig Mundie.

The slowdown in IT spending and investment has let technology companies pay more attention to quality, testing, and security without market penalty, Charney said. "Internet time is dead," he said. But "as we continue to move to new technologies, the bad guys are going to follow us and innovate." In response, Microsoft has been encouraging more discussion about security technologies across its product groups, and it formed a patch-management working group.

In other security-related announcements, Microsoft said it plans to develop new security software with software vendor VeriSign Inc. and will offer new security certifications for systems administrators and engineers trained in Microsoft technology.
