NWC | Buzzcut | BuzzCut: Patches Shouldn't Be Our Problem | | September 16, 2002

Upcoming Events

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

N E W S / A N A L Y S I S

Patches Shouldn't Be Our Problem

September 16, 2002
By Lori MacVittie

Back in the day, patches were used to cover holes in your jeans, not in commercial software. That's not to say software didn't include "undocumented features." But the severity of defects was nowhere near the level it is today, and we could afford to postpone fixes until the rollout of a subsequent software release.

Today, patches are not only commonplace, they're expected. And not just by customers, but by vendors. When Microsoft released Windows 2000, it did so knowing that the code stream contained thousands of defects. SP1 alone fixed more than 600 of these defects (see List of Bugs Fixed in Windows 2000 Service Pack 1.") Certainly some of them were minor, but it makes you wonder how many resulted in the rampant spread of Code Red, Nimda and other viruses.

Patch management today is a full-time job. You must keep track of all the patches available and micromanage them to ensure that the changes applied through installing a patch do not adversely affect production software. Companies need a mirror of their production environment simply as a test bed for the patch o' the week. Organizations need a tracking system to ensure they know which patch was installed when and on what machines. And the poor people managing it all need a vacation.

Getting to market on time is important for credibility, but not at the expense of security. Vendors need to take a more proactive approach to ensure that products aren't released before they're ready. While zero-defect software may be a myth (and as a developer I'll readily agree to that), it should be the goal. An organization should not have to hire staff dedicated solely to patching OSs and application software. And customers should not be unwitting beta testers. But it is routine for many software producers to treat first releases as beta products and ignore the needs of those who suffer from their shoddy Q&A practices and laissez-faire attitudes toward product quality. (For a review of patch-management tools, see "PatchLink Helps Keep Windows Closed.")

--Lori MacVittie, lmacvittie@nwc.com)

Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

Disk Storage, Heal Thyself

No-maintenance RAID arrays will deliver more efficiency and higher performance, and save money to boot by obviating expensive maintenance plans through built-in spares and other self-healing features. IT groups, especially those with remote locations, could save themselves a bundle by adopting this technology sooner rather than later.

Silo to Gold Mine: What CMIS Can (and Can't) Do for ECM Integration

Enterprises know they could wring more value from their enterprise content management system investments. Unfortunately, integration and interoperability are sticking points. In this Strategy Session report, we investigate whether Oasis' new open Content Management Integration Services standard could be the answer to these woes.

Download: 10 Gotchas That Derail ECM Initiatives

Enterprise content management deployments are fraught with dangers, such as weak search capabilities and poor requirements definitions, that can grind projects to a halt. This report helps CIOs and project leaders move beyond gridlock, choose the right tools and foster seamless integration.

Video

Network Computingwww.networkcomputing.com

Home

News and Analysis

Tech Centers

Channels

Bloggers

Upcoming Events

Executive conference

Vendor Newsfeed

Subscribe to Newsletter

Best of the Web

Data deduplication: Declawing the clones

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

WAN Optimization Whitelists and Blacklists

WAN Optimization as a Managed Service: It's Not About the Cost

Premium Content

Disk Storage, Heal Thyself

Silo to Gold Mine: What CMIS Can (and Can't) Do for ECM Integration

Download: 10 Gotchas That Derail ECM Initiatives

Video

Most Popular

Whitepapers

BlogRoll