Kenneth F. Belva

Rapid Fix and Deployment – The next big security metric for Microsoft

With Microsoft’s increase in patch Quality Assurance and the increase in Vista security, Microsoft customers may now begin to request quicker patch cycles and turnaround time after zero-day vulnerabilities are announced.

Microsoft created Patch Tuesday in response to customer feedback regarding patching cycles. Customers are happy. I’m happy.

True: there are occasional patch QA errors. For the most part, one must agree that MS patches do not break applications as they once did. So, customers may now think of requesting quicker fixes due to Black Wednesday. The old rule will still apply: test the patch before installation into production. The cycle may be quicker, though.

Vendors have always been assessed on how quickly they create and release their patches to the public, so this is not “new” per se.

The new emphasis in vulnerability metrics may not be the total number of vulnerabilities per OS, but rather a stronger focus on the time between a vulnerability announcement and the creation and public release of a patch.

The total vulnerability metric will not be discarded; it just will no longer be the primary focus.
