http://www.infoworld.com/articles/hn/xml/03/01/24/030124hnuspatches.xml By Grant Gross January 24, 2003 WASHINGTON -- U.S. government agencies gained a new tool for fighting computer vulnerabilities this week with the launch of a new service that helps them find the security patches they need. The Patch Authentication and Dissemination Capability (PADC) program at the Federal Computer Incident Response Center (FedCIRC) is designed to provide an easy-to-use, one-stop shop for federal IT security administrators hunting through the "forest" of software patches available, said Sallie McDonald, assistant commissioner with the U.S. Office of Information Assurance and Critical Infrastructure Protection. The free service, available to federal civilian agencies such as the Department of the Interior, allows systems administrators to register their IT equipment and then notifies them when relevant patches become available. PADC tests the patches and also rank them by what it considers their order of importance. In the past, federal systems administrators had to search for patches on their own, sometimes picking through hundreds of patches to find what they needed. "What we're hoping to do is make this an easier process for systems administrators," McDonald said. "They'll only get notified of the vulnerabilities they need to know about, and they'll see how significant the patch is, so they'll know if they need to apply it right away or if they can wait until next weekend." About 13 major federal agencies had signed up for the service by the launch Tuesday, she said. The next logical step would be to establish a system that can scan agency servers for vulnerabilities, McDonald said. The security patch "clearinghouse" helps agencies satisfy the rules of the Federal Information Security Management Act of 2002, passed in December, which requires federal agencies have patch management processes. The first draft of President George W. Bush's National Strategy to Secure Cyberspace, released in September, suggests a similar national clearinghouse should be set up to serve private businesses. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Sat Jan 25 2003 - 11:36:50 PST