Federal Government Flunks Patch Management

When hacks happen, victimized companies often say they couldn't afford the latest-and-greatest security tools and technologies. But in reality, the vast majority of security incidents likely involve some sort of (A) human error or (B) lack of formalized processes for the basics -- like patch management.

Consider the situation in the federal government -- where multiple agencies (including the Office of Personnel) have been under fire for security breaches. Of all the vertical markets, the federal government has the worst track record for remediating known application vulnerabilities. Indeed, the feds only work to address 27 percent of known vulnerabilities, according to Veracode.

Let me emphasize: We're not talking about hidden dangers or surprise issues. It's sort of like looking at a house that has lots of shattered windows and a front door left ajar. When somebody "breaks into" that house, they're actually just walking in -- with little real effort to beat any so-called security perimeter. 

In the federal government's case, it's time to address the basics -- documenting business processes and then applying automation to spot known vulnerabilities and apply the associated patches. In the meantime, it doesn't take a genius to penetrate many government systems. The doors and windows are wide open...
