Patch Management - like dating - can be greatly improved by sharing information.

Cheating Guys and Patch Management (Yup, you read that right.)

Sometimes the Internet gets a bad wrap. Sure, it can be a cesspool of soul-stealing content, and social media may be ruining our childrens’ brains, but now and then it surprises us with a hyper-valuable service, not to mention a great application for information sharing. Last week I was driving with my 24-year-old daughter when she told me about a series of Facebook groups in various cities called “Are We Dating the Same Guy?”, an information-sharing concept designed to expose the many troglodytes (fathers of daughters will understand the use of this noun here) in today’s dating scene. In short, young women that have been asked out by – or are considering dating – a new guy will post his picture on the Facebook group page to make sure he’s not already involved in a relationship. My daughter assures me that it’s not at all uncommon for cretins of any and all types to be exposed. OK, so what does this have to do with patch management?

Sharing Information to Combat a Common Enemy

My first thought: what a great application of information sharing for the protection of a community (young, single women) from a common enemy (asshole guys). Moreover, the parallel between this Facebook group and what we’re doing at trackd is both striking, and fun to think about, particularly the arithmetic. As we’ve talked about in other blog posts, more than 98% of patches result in no disruption after they’re deployed, so they’re considered safe. As a father, it would be nice to believe that, similarly, 98% of the guys out there in the dating pool are “safe”, and it very well may be the case that the 2% – the kind called out in Facebook groups – give the other 98% a bad name, but biological reality and personal observations of young men would suggest otherwise. 

Information Sharing in Patch Management

But no matter what the math says, it sure is nice to have some intelligence in the form of actual data to highlight the miscreants, whether they be mugs on a Facebook page, or the small percentage of patches that have a history of disruption. The goal is to identify the 2% (or whatever the figure is in the dating world) that are dangerous. That’s where trackd comes in; we’re the “Are We Dating the Same Guy” for the patch management community. The trackd platform records the experience of vulnerability remediation practitioners after they’ve applied a given patch, anonymizes that data, and then shares it in real-time with all other trackd platform users. The data enables remediation teams to identify the small percentage of patches that are likely to break something, and practitioners can then test and deploy accordingly. More importantly, the trackd platform helps those responsible for patching identify the 98% of patches that are unlikely to cause a disruption and can therefore be considered candidates for auto-updates, minimizing the patching resources burden on the remediation team.

Think of trackd as the platform that identifies the asshole patches before they cause a problem.

So whether we’re talking about sharing indicators of compromise (IoCs) in the cyber security community, Google Reviews of a new restaurant, exposing the bad behavior of potential dating partners, or identifying – before they’re applied – security patches that are most likely to cause disruption, shared information is powerful. Indeed, invaluable.