Information Security News mailing list archives

Report: Fifty-eight percent of Energy computers went months without bug fixes


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 16 Nov 2012 02:23:04 -0600 (CST)

http://www.nextgov.com/cybersecurity/2012/11/report-fifty-eight-percent-energy-computers-went-months-without-bug-fixes/59559/

By Aliya Sternstein
Nextgov
November 15, 2012

A perhaps disturbing summation of the state of federal cyber security: An internal audit found nearly 60 percent of Energy Department desktop computers were missing critical software patches -- and those findings don’t surprise security experts.

Officials risk disrupting agency business by applying patches because fixes likely would require pausing widely used programs, said Patrick Miller, chief executive officer of EnergySec, a federally funded public-private partnership.

The inspector general audit, which was released this week, covered unclassified systems at administrative offices departmentwide.

“It would actually be more damaging to the organization to patch it than to not patch it,” Miller said. “The reality is most organizations, the larger they get, the harder it is for them to manage their patching.” It is unclear whether the department compensated for holes by using other safeguards, such as firewalls.

[...]
