
How Long Does it Take Vendors to Release Patches?

MasterMynd asks: "In the IT field I'm frequented with questions regarding security updates of the OS's that we use. In my IT department we use a real mixture of OS's for desktops in addition to our many NOS's. More often than not I don't have an answer as to the routine question of how soon a security patch will be available. Normally I give "It should be done in about a week" as my answer. But truth remaining I don't have any answer as to when it will be available because vendors aren't forthcoming about such info. Rumours and anecdotes abound in how long it normally takes to get a patch. Are there any current reports anywhere showing a comparison of how much time it takes to produce a patch or workaround from the time it's discovered until it's available for download, from the major NOS & Desktop vendors?" As computer security becomes more and more important, such resources will become invaluable. Any clues as to where such may be found?
  • it's one day for each inch in this piece of string I have here in my desk drawer!
  • by Anonymous Coward
    More often than not I don't have an answer as to the routine question of how soon a security patch will be available. Normally I give "It should be done in about a week" as my answer. But truth remaining I don't have any answer as to when it will be available because vendors aren't forthcoming about such info.

    How about a more honest "I don't know because the vendor hasn't announced a schedule." Or, "I'll install the patch as soon as it is available."

  • SecurityFocus did this sort of study.

    I can't find the whole thing, but there's a summary at Linux Weekly News [lwn.net], and googling for "days recess security focus microsoft linux" or similar might help (days of recess is a measure of response time).

    Sumner
  • My own view is that the software vendor should release 'timely' patches - in many cases less than one week is good going (Apple patches OSX); in other cases a major architectural change may be required which would lead to a 'workaround' until fixed. I suppose this really comes back to the key question of how security defects/exploits are reported - to the vendor in a responsible manner, to the vendor under a "less open" mechanism (ahem - see /. past, present and future) or directly to the net at large.
