You can argue with some of the tiny details about how Microsoft schedules patches, but the elephant in the room is that nobody has thought through continuous patching better or for longer than Microsoft.

All software needs to be patched. There will always be new attacks on software, new classes of vulnerabilities, and new zero-days discovered. The only way to handle these is to be really good and fast at patching.

For the vast majority of software, patching is damn near impossible. Commercial products, embedded systems, cars, drones, dishwashers, televisions, etc… It’s virtually impossible for the typical user to get and apply patches. That’s the Achilles’ heel in the Internet of Things. We are going to be dealing with this for decades.

Most open source doesn’t patch at all. Instead, you just have to move on to the next version of the software. This could involve many API changes that require recoding, retesting, and redeployment. That’s just not feasible for many types of software. Heck, it’s pretty close to impossible to even get notified that the libraries you are using have a problem.

The average time between a vulnerability being published and the surge of exploits is four days. That’s the window for patching. We are in the Stone Age here. We need end-to-end notification and patching across the entire software supply chain.

We simply have to make this problem easier. So whatever you think about Microsoft’s recent changes, it’s clear that almost everyone else is nowhere even close. Basically, we need a “Windows Update” for everything – particularly those Internet of Things devices we keep hearing about.

(About the author: Jeff Williams is cofounder and chief technology officer at Contrast Security)
