Educause Security Discussion mailing list archives
Patching practices inquiry
From: Clifford Collins <collinsc () FRANKLIN EDU>
Date: Fri, 26 Feb 2010 11:12:02 -0500
I would like to know what other academic institutions practice when it comes to patching workstations, servers, and network gear. Do you test patches? If so, then how ? How long do you wait before pushing them? Or do you just patch on a set cycle? What constitutes an emergency patch that you apply out of cycle? Do you use any specific criteria for evaluating the severity of the vulnerability in decision making? Do you have any suggestions on where to find "best practices" on the subject? You can send your responses to me directly and, if there is much interest, I will summarize the results on the list. Thank you in advance for responding! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product"
Current thread:
- Patching practices inquiry Clifford Collins (Feb 26)