Gartner Blog Network

Category: 'patching' Blog Posts

from the Gartner Blog Network

WannaCry or Useful Reminders of the Realities of Vulnerability Management

by Anton Chuvakin  |  May 18, 2017

WannaCry whatever. Not that I am keyword trawling, but this recent Windows XP/NSA/North Korea/ransomware/bitcoin/OMG drama made me think about good old vulnerability management again – especially given that it is...

Vulnerability Management #1 Problem - After All These Years!

by Anton Chuvakin  |  October 13, 2015

It is 2015 – so how come we don’t know which system vulnerabilities to fix first?! Depending on how one counts, the first vulnerability assessment (VA) tools (aka “vulnerability scanners”)...

Critical Vulnerability Kills Again!!!

by Anton Chuvakin  |  October 6, 2014

A killer vulnerability KILLS AGAIN!!! Another “branded vulnerability” – Shellshock – is heeeeere! Run for the hills, escape the planet, switch to a “secure OS” (Windows 3.1 fits the bill),...

If You Use Window XP - You Are NOT PCI DSS Compliant!

by Anton Chuvakin  |  April 10, 2014

It should be *painfully* obvious to anybody that in a few short weeks [or maybe now, depending on how you interpret it] any merchant using Windows XP systems or devices...

My Updated Vulnerability Management Practices Paper Publishes

by Anton Chuvakin  |  February 11, 2014

With much less trepidation than usual (since this is an update), I am announcing the publication of my “Vulnerability Assessment Technology and Vulnerability Management Practices” paper. This is an update...

Cannot Patch? Compensate, Mitigate, Terminate!

by Anton Chuvakin  |  October 28, 2013

So, you accepted your limitations and settled on security patching timelines similar to this: (source: “Improve Patch Management by Assessing Maturity and Applying Best Practices to Your IT Systems”) Is...

What is Your Minimum Time To Patch or "Patch Sound Barrier"

by Anton Chuvakin  |  October 9, 2013

My time this quarter is not only occupied by the exciting realm of big data, but also by the less exciting – but waaaaay more common – problem: security patching....

Next Research Project: From Big Data Analytics to ... Patching

by Anton Chuvakin  |  September 12, 2013

Please wish me luck! My next research quarter (that I just started up) will be an ultimate example of schizophrenia. Specifically, I will handle two separate projects: Using “big data”...

Patch Management – NOT A Solved Problem!

by Anton Chuvakin  |  May 6, 2013

We again interrupt our regular programming (on network forensics and security data sharing this quarter) to delve into a subject much removed from the exciting world of APT fighting, “kill...

On Vulnerability Prioritization and Scoring

by Anton Chuvakin  |  October 6, 2011

I am starting my new research project for Q4 2011 (stepping briefly away from PCI DSS compliance): on vulnerability management. As I am going through existing Gartner coverage of the...
