Get smart about patching security vulnerabilities

How can companies be free of security vulnerabilities? They could ferret out all the flaws in their computer products and patch them. They could prevent flaws from being exploited by shutting down systems. Of course, neither is good for business or the budget.
That’s the view Peyton Engel, a technical architect who heads the security assessment team at CDW Corp., offered at the recent Fusion 2009 CEO-CIO Symposium in Madison, Wis.
Instead, companies need to spend less time reacting willy-nilly to security vulnerabilities and more time asking whether threats are likely to affect them, Engel said. He recommends companies identify the point of diminishing returns of patch management by weighing the probability and severity of the security vulnerability, rather than the severity alone.