Professional Documents
Culture Documents
Abstract
1. Introduction
Patching of software’s has been a concise way of keeping software’s reliable. In the past,
patching was focused on increasing functionality unlike today. (Risk Assessment – Cisco, n.d.;
Executive Office of The United States, 2005). Now that a large number of people know the
potential threat due to poor patching, most people are working on increasing security.
(Epstein, Grow & Tschang, 2008). With so much at stake, security implementation is being
done at a much quicker rate than before. (Chan, 2004). Over the past couple of years,
software exploitation has gravely been cut down. Almost up to 100% of the time, software
weakness is discovered through known weaknesses or configuration mistakes which can
easily be corrected. (Network Integration Services, 2010).
Majority of organisations strive to maintain high software security awareness and try to curb
a problem before it gets out of hand. Factors that can affect the action time to deal with the
patching include;
i. Appropriate expert; this is a person who can easily diagnose the problem
and fix it. Lack of an expert can heavily derail the whole response time.
ii. The application may be owned by someone else hence problems such as;
third party doesn’t have the resources to fix it or there are legal issues
involved e.g. SLA agreements.
iii. Fear that a new patch software my introduce problems e.g. financial ‘due to
break down’ to a system that seems to works well. This so called
improvement my introduce bugs, make the system unstable. So after
weighing the options, most organisations opt to remain with their working
system than to risk upgrading it and getting more problems.
2.2 Architecture
Virtual patching success mostly depends on the architecture, in this case, Mod Security –
this is an Open Source Web Application Firewall (WAF) for custom Virtual Patches.
6. Conclusion
References