The Patching Play

April 25, 2022

I read “Patching Is Security Industry’s ‘Thoughts and Prayers’: Ex-NSA Man Aitel.” The former leader of ImmunitySec asserts that patching delivers a false sense of security. Other industry experts believe that patching has some value. Both are correct. In my opinion, both are missing an important aspects of patching software and systems to keep bad actors at bay.

What’s my view?

Patching — real or pretend — is a launch pad for marketing. A breach occurs and vendors have an opportunity to explain what steps have been taken to protect the software and services, partners, customers, and in some cases the vendors themselves. Wasn’t it Solar something?

Microsoft explained that bad actors marshaled a team of 1,000 programmers. That’s marketing because the bad actors were in that case countries, not disgruntled 40 years olds in a coffee shop.

The name of the game is cat and mouse. The bad actors find a flaw, exploit it, or sell it. The good actors respond the the issue and issue an alleged patch. The PR machines, which is like Jack Benny’s Maxwell with a transplanted Tesla electric motor fires up.

Will the wheels fall off? Haven’t they?

Stephen E Arnold, April 25, 2022

Written by Stephen E. Arnold · Filed Under cybersecurity, Marketing, News

Comments

Comments are closed.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.