WatchGuard Wire
Improve Your Security IQ
Adobe moves to a regular quarterly patch cycle.
21 May 09 -- This week, Adobe announced they plan to follow
in Microsoft's lead and move to a regular quarterly patch cycle.
In fact, they plan to piggyback their patch day on the exact same day as Microsoft's patch
day; the second Tuesday of the month.
I'm not sure how I feel about other vendors sharing Microsoft's
specific patch day. On one hand, I can see the benefit of all vendors
releasing their patches around the same time. This would allow
administrators to create a regular patch schedule, which is a
good thing. On the other hand, can administrators keep up with all these patch
releases on the same day? There are months when Microsoft released
more than 12 security bulletins, which can translate to hundreds of
patches (depending on how many versions of MS products you have). If
you actual test patches before deploying them, deploying all of Microsoft's patches alone could take more than one day. What
happens when multiple vendors release patches on the same day? I'm afraid
that with a super packed patch day, some patches could get lost in the
noise.
In general, I'm glad that Adobe is moving to a regular patch cycle.
I would like to see all software vendors move to this type of cycle,
and perhaps even release their patches near the same time. However, I
think vendors should probably think about standardizing on a patch week rather than the exact same patch day. Otherwise, some IT organization might
get overwhelmed and miss a few important patches. -- Corey Nachreiner, CISSP
Copyright© 2009 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.
|
