Regular patch schedules "two-edged sword"

A security analyst on Thursday took aim at some vendors' practice of rolling out patches on regular schedules, calling the practice a "two-edged sword".

A slowly growing number of major software developers, in particular but not limited to operating system makers, now schedule hard dates for patch releases, rather than rolling them out when they're finished. Such regular patching has been popularised by Microsoft, which began the practice in October 2003, but it's been mimicked by the likes of Apple and Oracle. On Thursday, Adobe added itself to the group, saying it would begin monthly patching in 2006.

"For maintenance releases (small bug fixes, new features) that's ideal. But it's a two-edged sword in security," said Chris Andrew, the vice president of product management and research at PatchLink, a Scottsdale, Ariz.-based enterprise patch management company.

Linked by shanmuga Friday, 16th December 2005 9:25PM