
Why do we patch?

Anne Stanton and Susan Bradley

The complete patch management book

Get a glimpse inside the e-book "The complete patch management book" by Anne Stanton, president of Norwich Group, and Susan Bradley, Microsoft Small Business Server MVP. This series of book excerpts will help you navigate Chapter 1, "What is patch management?," courtesy of Ecora.



It is obvious that we patch because software is not processing commands correctly. This misprocessing could range from elevation of privilege to information disclosure. "Threat Modeling," a text that explores what an adversary might attain by exploiting a flaw, defines the following threat categories:

  • Spoofing identity
  • Tampering with data (also called integrity threats)
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Patch management ensures that correct code replaces incorrect code. However, it is not the only way to reduce risk. The patch management process also includes mitigation techniques, which are not actual patches but additional procedures that protect networks if the patch is not available, if admins cannot apply it to a network, or if there are other reasons that preclude applying the patch.

Footnote: Swiderski, Frank, and Window Snyder. "Threat Modeling." Redmond, WA: Microsoft Press, 2004.
