[ISN] GSA awards patch system contract

From: InfoSec News (isnat_private)
Date: Mon Nov 18 2002 - 05:27:48 PST

  • Next message: InfoSec News: "[ISN] BIND Flaws Reignite Security Debate"

    By Diane Frank 
    Nov. 18, 2002
    The General Services Administration this month awarded Veridian Corp.  
    a contract to develop a system that will deliver specific software
    security patches to agencies that need to plug holes in their systems.
    The patch dissemination system is expected to help prevent the large
    number of network intrusions caused by known vulnerabilities and
    security weaknesses for which vendors have already issued patches,
    according to GSA officials.
    The service, managed by GSA's Federal Computer Incident Response
    Center and free to all civilian agencies, is expected to be available
    in February 2003, said Sallie McDonald, assistant commissioner for
    information assurance and critical infrastructure protection at GSA.
    Agencies will submit a profile of the systems and software on their
    network, so Veridian knows what patches they need. As new security
    problems are discovered, Veridian will advise agencies on what steps
    to take until the patch is available and will test the effectiveness
    of the patch before disseminating it, officials said.
    It is very important that "someone is going to test the patches and
    provide authoritative feedback on what might break," said Alan Paller,
    director of research at the SANS Institute. Without that assurance,
    many agency officials would likely not apply patches simply because
    they would not want to take the chance that another critical system
    could be affected, he said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Nov 18 2002 - 08:11:42 PST