http://www.nextgov.com/cybersecurity/2012/11/report-fifty-eight-percent-energy-computers-went-months-without-bug-fixes/59559/ By Aliya Sternstein Nextgov November 15, 2012 A perhaps disturbing summation of the state of federal cyber security: An internal audit found nearly 60 percent of Energy Department desktop computers were missing critical software patches -- and those findings don’t surprise security experts. Officials risk disrupting agency business by applying patches because fixes likely would require pausing widely used programs, said Patrick Miller, chief executive officer of EnergySec, a federally funded public-private partnership. The inspector general audit, which was released this week, covered unclassified systems at administrative offices departmentwide. “It would actually be more damaging to the organization to patch it than to not patch it,” Miller said. “The reality is most organizations, the larger they get, the harder it is for them to manage their patching.” It is unclear whether the department compensated for holes by using other safeguards, such as firewalls. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Fri Nov 16 2012 - 00:23:04 PST
This archive was generated by hypermail 2.2.0 : Fri Nov 16 2012 - 00:51:42 PST