[ISN] Report: Fifty-eight percent of Energy computers went months without bug fixes

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Nov 2012 02:23:04 -0600 (CST)
http://www.nextgov.com/cybersecurity/2012/11/report-fifty-eight-percent-energy-computers-went-months-without-bug-fixes/59559/

By Aliya Sternstein
Nextgov
November 15, 2012

A perhaps disturbing summation of the state of federal cyber security: 
An internal audit found nearly 60 percent of Energy Department desktop 
computers were missing critical software patches -- and those findings 
don’t surprise security experts.

Officials risk disrupting agency business by applying patches because 
fixes likely would require pausing widely used programs, said Patrick 
Miller, chief executive officer of EnergySec, a federally funded 
public-private partnership.

The inspector general audit, which was released this week, covered 
unclassified systems at administrative offices departmentwide.

“It would actually be more damaging to the organization to patch it than 
to not patch it,” Miller said. “The reality is most organizations, the 
larger they get, the harder it is for them to manage their patching.” It 
is unclear whether the department compensated for holes by using other 
safeguards, such as firewalls.

[...]


Received on Fri Nov 16 2012 - 00:23:04 PST
