[ISN] Security patch award due soon

From: InfoSec News (isnat_private)
Date: Fri Oct 04 2002 - 02:22:01 PDT

  • Next message: InfoSec News: "[ISN] Report: Satellites at Risk of Hacks"

    By Diane Frank 
    Oct. 3, 2002
    Government agencies soon should be able to tap a free service that 
    will ensure that they get the right security patches to plug holes in 
    their software.
    The General Services Administration's Federal Computer Incident 
    Response Center this week expects to award its patch dissemination 
    service, said Sallie McDonald, assistant commissioner for information 
    assurance and critical infrastructure protection at GSA's Federal 
    Technology Service. 
    Agencies will be able to subscribe for free to the service and include 
    a profile of the operating systems and applications in their networks. 
    This will ensure that when new vulnerabilities or exploits are 
    discovered, only the ones that apply to a particular agency's networks 
    will be sent, McDonald said.
    In addition to an alert, the service will provide agencies with steps 
    to take to mitigate the effect until a patch can be developed. Once a 
    patch is available, the service will test it and make sure that the 
    patch does indeed fix the problem before sending it out to agencies, 
    McDonald said.
    No policy or provision yet exists for agencies to report back to 
    FedCIRC that they have applied the appropriate patches, but such a 
    procedure is recommended in the Office of Management and Budget's 
    guidance on the Government Information Security Reform Act of 2000. 
    And talks are under way to make the guidance a requirement, said 
    Richard Clarke, chairman of the Critical Infrastructure Protection 
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 04:54:15 PDT