[ISN] U.S. agencies get help with security patches

From: InfoSec News (isnat_private)
Date: Sat Jan 25 2003 - 03:03:51 PST

    By Grant Gross
    January 24, 2003

    WASHINGTON -- U.S. government agencies gained a new tool for fighting
    computer vulnerabilities this week with the launch of a new service
    that helps them find the security patches they need.

    The Patch Authentication and Dissemination Capability (PADC) program
    at the Federal Computer Incident Response Center (FedCIRC) is designed
    to provide an easy-to-use, one-stop shop for federal IT security
    administrators hunting through the "forest" of software patches
    available, said Sallie McDonald, assistant commissioner with the U.S.
    Office of Information Assurance and Critical Infrastructure

    The free service, available to federal civilian agencies such as the
    Department of the Interior, allows systems administrators to register
    their IT equipment and then notifies them when relevant patches become
    available. PADC tests the patches and also ranks them by what it
    considers their order of importance.

    In the past, federal systems administrators had to search for patches
    on their own, sometimes picking through hundreds of patches to find
    what they needed.

    "What we're hoping to do is make this an easier process for systems
    administrators," McDonald said. "They'll only get notified of the
    vulnerabilities they need to know about, and they'll see how
    significant the patch is, so they'll know if they need to apply it
    right away or if they can wait until next weekend."

    About 13 major federal agencies had signed up for the service by the
    launch Tuesday, she said. The next logical step would be to establish
    a system that can scan agency servers for vulnerabilities, McDonald

    The security patch "clearinghouse" helps agencies satisfy the rules of
    the Federal Information Security Management Act of 2002, passed in
    December, which requires federal agencies to have patch management
    processes. The first draft of President George W. Bush's National
    Strategy to Secure Cyberspace, released in September, suggests a
    similar national clearinghouse should be set up to serve private