Why Patches Fail
Trackd Team
April 17, 2024
In this blog series, we’ll look at some of the more mundane – albeit common and operationally-significant – reasons patches fail.
News, stories and insights from the team at trackd
In this blog series, we’ll look at some of the more mundane – albeit common and operationally-significant – reasons patches fail.
The only thing better than learning from your own mistakes is learning from the mistakes of others. At trackd, we have come up with a radically simple but elegant solution to help organizations differentiate between
At trackd, our free users are essential to our business plan; we literally can’t deliver the unique solution we’ve designed without them.
It’s often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there’s an operational cost to be paid for security. Security controls create inefficiencies, and those security measures can also introduce operational
The vulnerability management market answers every question a practitioner or cybersecurity professional could want answered…except the only one that matters: will this patch break my shit.
In today’s threat landscape, you don’t have to be a high-profile private or public organization to be targeted. You don’t have to be storing highly valuable technology IP or high-value health records, and you don’t
It’s time for vulnerability management technology innovators to spend less time identifying and reporting on vulnerabilities, and more time building tools to help IT teams fix them more efficiently…and without their fingers constantly crossed.
It probably makes sense to take the hyperventilating stories of cutting-edge attack vectors with a grain of salt. There will come a day when the primary means of initial penetration become obsolete or are abandoned
The only thing that matters is whether the person responsible for product security is able to convince all stakeholders to care about the risks associated with the absence of secure software development practices or not.
As a cyber security community, we need to re-think our commitment to – and investment in – compliance. Can we all agree it’s not working? If successful breaches were confined to organizations that either didn’t
In this blog series, we’ll look at some of the more mundane – albeit common and operationally-significant – reasons patches fail.
The only thing better than learning from your own mistakes is learning from the mistakes of others. At trackd, we have come up with a radically simple but elegant solution to help organizations differentiate between the 98% of patches that are necessary and safe, and the 2% that will have your clients calling you on the weekends.
At trackd, our free users are essential to our business plan; we literally can’t deliver the unique solution we’ve designed without them.
It’s often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there’s an operational cost to be paid for security. Security controls create inefficiencies, and those security measures can also introduce operational risk.
The vulnerability management market answers every question a practitioner or cybersecurity professional could want answered…except the only one that matters: will this patch break my shit.
In today’s threat landscape, you don’t have to be a high-profile private or public organization to be targeted. You don’t have to be storing highly valuable technology IP or high-value health records, and you don’t have to piss off a hacktivist group with a bone to pick. You simply have to have an unpatched vulnerability that pops up on a list delivered to a threat actor after indiscriminately scanning the internet.
It’s time for vulnerability management technology innovators to spend less time identifying and reporting on vulnerabilities, and more time building tools to help IT teams fix them more efficiently…and without their fingers constantly crossed.
It probably makes sense to take the hyperventilating stories of cutting-edge attack vectors with a grain of salt. There will come a day when the primary means of initial penetration become obsolete or are abandoned by the cyber criminal community in favor of something revolutionary. However, the cyber security community – the good guys – will first need to render them ineffective and, unfortunately, we don’t seem to be close to achieving that reality.
The only thing that matters is whether the person responsible for product security is able to convince all stakeholders to care about the risks associated with the absence of secure software development practices or not. If they’re unable to do this then building security components into software will always be driven reactively as a result of an incident.
As a cyber security community, we need to re-think our commitment to – and investment in – compliance. Can we all agree it’s not working? If successful breaches were confined to organizations that either didn’t invest in compliance or were unsuccessful achieving it, then we could talk. But we all know that’s not the case. We need to start thinking about taking that 40% and investing more in the things that have the best chance of making the bad guys’ lives more difficult. We won’t win every battle, but at least we’ll be fighting the right war.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.