Why Johnny can’t patch

I’ve spent nearly 2/3 of my career dealing with Microsoft patches at one level or another, so when it comes to excuses, I think I’ve probably heard them all.

This diary entry from the Internet Storm Center has good answers to the most common objections. I think a two-day patch cycle may be overly aggressive, and I know it drives infrastructure folks nuts when CISOs read stuff like this and then say, “Patch my stuff in two days like this guy.” But most organizations can take his advice, and even if they slow it down to 30 days instead of two, they’ll still be in a better place than they are today.

